How Secure is Your Website?

PCQ Bureau

Acunetix WVS is a tool that automates the process of Web application security testing. It analyzes any website or Web application and scans it for exploitable vulnerabilities such as Blind SQL Injection, Cross-Site Scripting, and Directory Traversal.


To check how secure a website is against vulnerabilities, WVS crawls through the whole website, lists out all related pages and then scans each page. On pages where user input is required, it tries different input combinations to detect vulnerabilities. Its JavaScript analyzer can be used for testing Web 2.0 and Ajax applications. It also has a reporting tool with which one can compare scan results and create professional reports of the scans performed. WVS comes with an HTTP Fuzzer that tests a range of variables to detect input validation and buffer overflow vulnerabilities.

Direct Hit!
Applies To: Security professionals


Automated security assessment for Web applications



How to use WVS?

To scan a website using the WVS tool, go to the File menu and, under 'New', select the 'Web Site Scan' option, which will start the 'Scan' wizard. Under Scan type, choose the 'Scan single website' option, specify the IP address or URL of the website to scan, and click on 'Next'. After performing a basic scan of the website to detect basic details such as base path, Web server, operating system and technologies used on the website, the wizard will ask you to confirm the target. It will then optimize the scan according to the detected technologies and ask whether you want to modify the general crawler behavior of WVS. Once you define that, select the scanning profile and the scanning mode to be used.


There are 15 scanning profiles customized for specific tests that come with this utility, and there are three scanning mode options: Quick, Heuristic, and Extensive. Quick Scanning mode tests only the first value of the parameters defined, whereas in Heuristic mode the scanner automatically determines the parameters for which it should test all values and those for which it should test the first value only. The Extensive Scanning mode is the one that scans the website for all parameters and with all possible combinations.
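The difference between the three modes is mostly one of scan size. The following sketch is an added example, not Acunetix code: the parameter names and values are constructed, and the Heuristic rule used here (test all values only for parameters with few observed values) is a hypothetical stand-in, since the article does not describe how WVS makes that decision.

```python
from itertools import product

# Constructed sample: values a crawler might have observed for one page's parameters.
OBSERVED = {
    "category": ["books", "music", "video"],
    "sort": ["asc", "desc"],
    "id": [str(n) for n in range(1, 41)],
}


def variants(params, mode, max_values=3):
    """Return the parameter-value combinations a scan would test in the given mode."""
    if mode == "quick":
        # Only the first observed value of every parameter.
        chosen = {name: values[:1] for name, values in params.items()}
    elif mode == "extensive":
        # Every observed value of every parameter.
        chosen = {name: list(values) for name, values in params.items()}
    elif mode == "heuristic":
        # Hypothetical rule (assumption): expand parameters with few values,
        # keep only the first value of parameters with many.
        chosen = {
            name: (list(values) if len(values) <= max_values else values[:1])
            for name, values in params.items()
        }
    else:
        raise ValueError(f"unknown scanning mode: {mode}")
    names = list(chosen)
    return [dict(zip(names, combo)) for combo in product(*(chosen[n] for n in names))]


def scan_sizes(params):
    """Number of combinations per mode, useful for estimating scan time."""
    return {mode: len(variants(params, mode)) for mode in ("quick", "heuristic", "extensive")}


if __name__ == "__main__":
    for mode, count in scan_sizes(OBSERVED).items():
        print(f"{mode:10s} {count} combinations")
```

Each combination is then multiplied by the number of test inputs in the chosen scanning profile, which is why Extensive scans of large sites take far longer than Quick ones.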

Acunetix WVS automatically detects and categorizes the detected vulnerabilities in four severity levels

Lastly, the wizard will ask you to review the scan details. Once you click on 'Finish', it will start scanning your website and show the results in the 'Scan Results' window. Under Alerts, you can see the detected vulnerabilities and their severity level, i.e. high, medium, low or informational. To view further details, click on a specific vulnerability; you will see a brief description of the vulnerability, its impact and details on how to fix it.