by October 2, 2007 0 comments

Acunetix WVS is a tool that automates the process of Web application security
testing. It analyzes any website or Web application and scans them for
exploitable vulnerabilities such as Blind SQL Injection, Cross-Site Scripting,
and Directory Traversal, etc.

To check how secure a website is against vulnerabilities, WVS crawls through
the whole website, lists out all related pages and then scans each page. On the
pages where some input from user is required, it tries different input
combinations for detecting vulnerabilities. Its JavaScript  analyzer can be
used for testing applications made in Web 2.0 apps and Ajax. It also has a
reporting tool with which one can compare scan results and create professional
reports of scans performed. WVS comes with a HTTP Fuzzer that tests a range of
variables for detecting input validation and buffer overflow vulnerabilities.

Direct Hit!
Applies To:
Security professionals
Automated security assessment for Web applications
Primary Link:
Google Keywords:

How to use WVS?
To scan a website using the WVS tool, go to File menu, and under ‘New’
select ‘Web Site Scan’ option, which will start the ‘Scan’ wizard. Under the
Scan type choose the ‘Scan single website’ option, specify the I.P Address or
URL of the website to scan, and click on ‘Next’. After performing a basic scan
on the website for detecting basic details such as base path, Web server,
operating system and technologies used on the website, the wizard will ask you
to confirm the target. Then it will optimize the scan according to the detected
tecnologies and will ask whether you want to modify the general crawler behavior
of WVS. Once you define that, select the scanning profile and the scanning mode
to be used.

There are 15 scanning profiles customized for specific tests that come with
this utility and there are three scanning mode options: Quick, Heuristic, and
Extensive. Quick Scanning mode only tests for the first value of the parameters
defined, where as in Heuristic mode the scanner automatically
determines the parameters for which it should test all values and those for
which it should test first values only. The Extensive Scanning mode is the one
that scans the website for all parameters and with all possible combinations.

Acunetix WVS automatically
detects and categorizes the
detected vulnerabilities in four severity levels

Lastly, the wizard will ask you to review the scan details. Once you click on
‘Finish,’ it will start scanning your website and shows results in ‘Scan
Results’ window. Under Alerts, you can see detected vulnerabilities, and their
severity level i.e. high, mdium, low or informational. To view further details
click on the specific vulnerability, you will see a brief description of
vulnerability, its impact and details on how to fix it.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.