Acunetix Web Vulnerability Scanner v8 BETA Released
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
Improved web security check scripts
- All security check scripts have been optimized to reduce false positives even further
- The scanner checks for the latest variants of vulnerability classes like XSS, SQL injection, and more.
Manipulation of inputs from URLs
Acunetix WVS can automatically detect URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.
Automatic IIS 7 rewrite rule interpretation
Using the web application’s web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.
Support for custom HTTP headers
To function correctly, some web applications need incoming requests to contain specific HTTP headers. It is now possible to define custom HTTP headers to be used during automated scans.
Imperva Web Application Firewall integration
An exciting co-operation between Imperva and Acunetix: WVS 8 scan results can be automatically imported into an Imperva Web Application Firewall and interpreted as rules.
New vulnerability class: HTTP Parameter Pollution
At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.
Multiple instance support
Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites and opening up further support for multi-user scenarios on the same server/workstation.
Redesigned Scheduler
Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance and thereby allowing scans to complete in less time.
Automatic custom 404 error page recognition and detection
Acunetix WVS 8 can automatically determine if a custom error page is in use and recognizes it without requiring any custom 404 recognition patterns to be configured for a scan
Scan settings templates
WVS 8 now allow the settings for the scan of a specific application to be saved as individual templates, making it quick and easy to recall the exact settings for a website each time it is scanned. This is particularly useful when scanning multiple sites, allowing the user to load the template for each site instead of re-configuring all the settings manually.
Simplified Scan Wizard
In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far less options so it’s much easier and quicker to kick off a scan.
Smart memory management
The following settings have been added to ensure even the most complex scans will complete automatically, and successfully:
- Define number of files per directory
- Limit number of subdirectories per website
- Assign Crawler memory limit
Real-time Crawler status
Crawler data is now updated in real-time information and provides live feedback how many files have been crawled, how many inputs have been detected, and more.
Scan termination status included in report
Reports now include the termination or completion status of each vulnerability scan. For example: the report will display if the scan was completed successfully or halted manually.
Web application coverage report
A new report template that lists all the web application files crawled and specific vulnerability tests performed on each file.
Log file retention
It is now possible to define the retention span before log files are automatically flushed; to ensure logs are not deleted each time WVS is restarted.
More Information: