A website is a crucial part of almost any business today, so web security matters. Web application technology improves every day, but the number of attackers probing and breaking into web applications grows with it, and the theft of valuable business data is very damaging. Every website owner should therefore check their site's security and make sure it has no vulnerabilities. There are many vulnerability scanners; in this tutorial I introduce one of the leading web vulnerability scanners, Acunetix. It is a simple tool, and you can run Acunetix on Windows as well, so I prefer it for people who do not have much Linux experience.
What is Acunetix Web Vulnerability Scanner?
In Acunetix’s own words:
“Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.”
The need to test applications in more depth than traditional vulnerability management tools (e.g. Nessus, Nexpose) do has created a market with several players in the application security space. Whereas Nessus and Nexpose are vulnerability management (VM) tools, Acunetix focuses more on web application vulnerabilities and their variants, and does a much better job at detecting them than traditional VM tools.
In this tutorial I shall be taking Acunetix WVS for a spin and explaining some of its unique features.
How To Perform Acunetix Vulnerability Scan
Before starting a scan, I needed a vulnerable site to test. Acunetix maintains its own test sites that you can scan to try out the product.
Starting a new scan is as simple as starting the Scan Wizard by clicking the New Scan button in the main toolbar. The wizard will walk you through some options you can use to customize the scan.
We first need to tell Acunetix Web Vulnerability Scanner what site we’d like to scan. In this case, I’ll be sticking with the PHP test site above (i.e. http://testphp.vulnweb.com).
Next, we'll need to select a Scanning Profile. A Scanning Profile is a logical grouping of checks that target a specific category of vulnerability. This feature lets you choose which tests you do or don't want Acunetix WVS to run. You can choose from the several built-in Scanning Profiles, or create custom Scanning Profiles that suit your specific requirements.
The Default Scanning Profile includes every test Acunetix Web Vulnerability Scanner can run. However, if I'm only concerned about high-risk alerts, I can customize the scan to test only for those vulnerabilities.
Scanning Profiles are not the only way to customize a scan; Scan Settings allow very granular control over your scan. Most users will not need to modify these settings, since the defaults have been carefully selected to suit the vast majority of websites and web applications. However, since I happen to be connecting to the internet through an HTTP proxy, I'll configure that from here by clicking the Customize button next to the Scan Settings list box.
Should you need them, Acunetix WVS also has advanced options you can use if you want even more control over the pages you want (or don't want) the scanner to crawl and scan.
You can select which pages to exclude from a scan using the "After crawling let me choose the files to scan" option, and you can even import results from other tools such as PortSwigger's Burp Suite and Telerik's Fiddler, as well as, of course, Acunetix WVS's built-in HTTP Sniffer.
Being a black-box scanner, Acunetix WVS can scan any website or web application regardless of the technologies or programming languages it uses: it tests a website or web application without any prior knowledge of how that site works, just as a real attacker would.
Having said this, Acunetix Web Vulnerability Scanner has some intelligent tricks up its sleeve to optimize the scan for a specific technology. Acunetix WVS will try to fingerprint the web application to detect the technologies it is using and so cut down on scan time. For example, if I'm testing a site built with PHP, there is no reason to look for vulnerabilities that can only exist in ASP.NET applications.
How to Scan Password Protected Areas of a Website:
Because this site has a login page, we need to create a Login Sequence to instruct the scanner how to log into the application. This is an essential part of the scanning process, and something that is usually difficult or tedious to set up properly with other scanners. You can either have the scanner attempt to log in for you (this works for most simple sites with just a username and password), or create a Login Sequence manually (which works better for more complex logins and provides much more control).
Acunetix Web Vulnerability Scanner makes creating a Login Sequence dead easy: simply go through your normal process of signing into an account, and you'll notice that your actions are being recorded. The scanner will replay these actions to log in during the scan.
You can also use the replay button at the bottom-left of the Login Sequence Recorder window to replay your actions just to make sure everything is working correctly.
Once you click Next, you have the option of selecting which links you do not want the scanner to click on while logged in. We obviously don't want the scanner to get logged out of the session during a crawl or a scan, so I'll click the Logout link to restrict it; however, you are free to set up as many restrictions as you like. It's also worth noting that the Login Sequence Recorder supports restricting links that contain nonces (one-time tokens in links) by using wildcards.
Once you're done restricting links, click Next. A Login Sequence alone is not enough: the scanner needs to understand when it is logged in and when it is logged out. For that, the Login Sequence Recorder needs what is known as a Session Pattern.
A Session Pattern is nothing more than something unique that distinguishes the logged-in state of a web application from the logged-out state. The Login Sequence Recorder will detect this pattern automatically for you; however, you're free to customize it if you wish.
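As an added illustration (not code from the original post or from Acunetix), here is a Python sketch of the two ideas from the last few paragraphs: deriving a Session Pattern by comparing a logged-in and a logged-out response, and excluding the Logout link with a wildcard so that a per-session nonce in the link does not defeat the restriction. The mini-site, its pages and the "prefer a logout label" heuristic are constructed assumptions, not the product's algorithm.

```python
import re
from fnmatch import fnmatch
# Constructed sample site (not the real test site): path -> (body when logged in, body when logged out).
NAV_OUT = '<a href="/index.php">Home</a> <a href="/login.php">Login</a>'
NAV_IN = NAV_OUT.replace('<a href="/login.php">Login</a>',
                         '<a href="/userinfo.php">My profile</a> <a href="/logout.php?token=8f3a">Logout</a>')
page = lambda nav, text: f"<div>{nav}</div><p>{text}</p>"
SITE = {
    "/index.php":    (page(NAV_IN, "Welcome back, test"), page(NAV_OUT, "Please sign in")),
    "/userinfo.php": (page(NAV_IN, "Profile of test"),    page(NAV_OUT, "Please sign in")),
    "/login.php":    (page(NAV_IN, "Already signed in"),  page(NAV_OUT, "Enter credentials")),
    "/logout.php":   (page(NAV_OUT, "Signed out"),        page(NAV_OUT, "Signed out")),
}

def derive_session_pattern(logged_in: str, logged_out: str) -> str:
    """Choose a text node that appears only in the logged-in response.
    Heuristic (an assumption, not the product's algorithm): prefer a node mentioning
    'logout', because it is stable across users, unlike a 'Welcome back, <name>' greeting."""
    text_nodes = lambda html: {t.strip() for t in re.findall(r">([^<]+)<", html) if t.strip()}
    unique = text_nodes(logged_in) - text_nodes(logged_out)
    if not unique:
        raise ValueError("responses do not differ; no Session Pattern can be derived")
    preferred = [t for t in unique if "logout" in t.lower()]
    return min(preferred or unique, key=len)

def is_restricted(url: str, patterns: list[str]) -> bool:
    """Wildcard match, so '/logout.php*' still excludes a logout link carrying a per-session nonce."""
    return any(fnmatch(url, p) for p in patterns)

def crawl(start: str, pattern: str, restricted: list[str]) -> tuple[list[str], int]:
    """Breadth-first crawl of SITE. Fetching /logout.php ends the session; the Session
    Pattern check notices the lost state and replays the login. Returns (visited, relogins)."""
    logged_in, relogins, visited, queue = True, 0, [], [start]
    while queue:
        url = queue.pop(0)
        path = url.split("?")[0]
        if path in visited or is_restricted(url, restricted):
            continue
        body = SITE[path][0 if logged_in else 1]
        if path == "/logout.php":
            logged_in = False                          # the server ended the session
        visited.append(path)
        if pattern not in body:                        # Session Pattern missing
            logged_in, relogins = True, relogins + 1   # replay the Login Sequence
        queue.extend(re.findall(r'href="([^"]+)"', body))
    return visited, relogins
if __name__ == "__main__":
    pattern = derive_session_pattern(*SITE["/index.php"])
    print(pattern, crawl("/index.php", pattern, ["/logout.php*"]), crawl("/index.php", pattern, []))
```

With the Logout link restricted the crawl never loses its session; without the restriction it follows the link, detects the missing pattern and has to log in again.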
Clicking Finish will prompt you to save the Login Sequence you've just created. It can be reused later, so you don't need to go through the process of creating a Login Sequence every time you want to scan the same site.
You will then be presented with the final screen of the Scan Wizard, which gives you the option of saving any Scan Settings you might have changed. In addition, Acunetix WVS is smart enough to identify whether a site provides a different response to a mobile User-Agent string, and it will ask whether you'd like to change your User-Agent string to, say, that of an iPhone or an Android device, which is handy if your site is mobile friendly.
Website Vulnerability Scan Results:
After the crawl and scan are complete, Acunetix WVS lists the high-severity vulnerabilities it detected on the test site.
The moment you click on a specific vulnerability (SQL Injection in this case), Acunetix WVS reveals not only which input parameter is vulnerable but it will also list variations of an attack on that parameter.
Selecting one of the variations explains the vulnerability in great detail. The scanner first provides a summary of the vulnerability, then explains its impact and how to fix it.
If you’ve installed Acunetix AcuSensor (this is optional), a server-side component for PHP and .NET applications that communicates with Acunetix WVS, results for vulnerabilities such as SQL Injection will even include the file and the vulnerable line of code!
The alert then provides further information: a lengthier explanation of the problem, more details on how to fix the vulnerability, and a list of reference URLs where you can read up on the subject, in case the scanner found something you're not quite familiar with.
In addition to all of the above, Acunetix Web Vulnerability Scanner also comes bundled with a range of integrated manual penetration testing tools. These tools allow auditors to run automated scans and verify results manually without the need for switching tools.
Acunetix WVS offers security professionals and software engineers alike a range of impressive features in an easy, straightforward and very robust package. Of course this review can only cover so much, and while this tutorial aims to provide a broad overview of the product, there are several other useful features that were not included.