A great piece of software that researchers can use to find security holes in websites

Jun 14, 2012 11:02 GMT

In this Security app of the week article we’ll take a look at Acunetix Web Vulnerability Scanner, another important tool that can and should be utilized by security researchers, especially those who focus their efforts on finding flaws in websites.

In the past few months, many security experts and security enthusiasts have reported finding cross-site scripting (XSS), SQL injection and other types of weaknesses in popular websites, and it’s a known fact that many of them used the Acunetix Web Vulnerability Scanner.

Acunetix Web Vulnerability Scanner is an easy-to-use tool, but it can also be used successfully by experts who want to thoroughly analyze a particular site.

To begin an analysis, all you have to do is press the “New Scan” button and enter the URL of the site you want to check. You can also select a scanning profile if you want to look for a particular type of vulnerability.

Of course, there are numerous settings that can be configured to meet the customer’s needs, but these are the basic steps that must be taken before starting a scan.

After the scan is complete, a detailed report is generated, displaying not only the vulnerabilities, but also the methods used to identify them. For a detailed introduction to Acunetix Web Vulnerability Scanner 8, you can check out the video below.

But now let’s turn to another aspect of Acunetix Web Vulnerability Scanner. While many security experts rely on it to make their work easier, the results produced by the software shouldn’t be considered conclusive without further analysis.

Acunetix does a great job improving the application to find new bugs and generate as few false positives as possible, but as many security researchers will tell you, it’s not bulletproof. The reports might not only contain false positives, but also vulnerabilities that in reality cannot be exploited.

That’s why our advice is to use the Acunetix Web Vulnerability Scanner to do a quick check, but before rushing to conclude that the site actually contains security holes, make sure to check the potential flaws by using old-school methods.

Also, once you find a clear vulnerability, don’t just make it public and give ill-intended hackers the opportunity to misuse it. Instead, practice responsible disclosure and report the issues to the website’s owners.

Acunetix Web Vulnerability Scanner is available for download here