Professional Documents
Culture Documents
Getting Started
V7
By Acunetix Ltd.
Starting a Scan
The Scan Wizard allows you to quickly set-up an automated crawl and scan
of your website. An automated scan provides a comprehensive and deep
understanding of the level website security by simply reviewing the individual
alerts returned.
This chapter explains the process of launching a security audit of your
website through the Scan wizard.
NOTE:
DO
NOT
SCAN
A
WEBSITE
WITHOUT
PROPER
AUTHORISATION! The web server logs will show the scans and any attacks
made by Acunetix WVS. If you are not the sole administrator of the website
please make sure to you warn other administrators before performing a scan.
Some scans might cause a website to crash requiring a restart of the
website.
Scan Range of Computers - This will scan a specific range of IP's (e.g.
192.168.0.10-192.168.0.200) for target sites which are open on the
specified ports (Default 80, 81 and 443).
Acunetix WVS will automatically probe the target website(s) for basic details
such as operating system, web server, web server technologies and whether
a custom error page is used (For more details on Custom Error Pages refer
to the section Settings > Scanner Settings > Custom 404 Pages in the user
manual).
The web vulnerability scanner will optimize the scan for the selected
technologies and use these details to reduce the number of tests performed
which are not applicable (e.g. Acunetix WVS will not probe IIS tests on a
UNIX system). This will reduce scanning time.
Click on the relevant field and change the settings from the provided check
boxes if you would like to add or remove scans for specific technologies.
Crawling Options
The Crawler traverses the entire website and identifies its structure. The
following crawling options may be configured:
Start HTTP Sniffer for manual crawling at the end of the scan process.
Submit forms.
Analyze JavaScript.
If the scan is from a saved crawl result, these options will be grayed out.
Note: Using default crawling options allows you to scan your websites
without any problems. If you would like to tweak the crawling options, please
refer to Configuring the Crawler section in the user manual.
Scanning Profile
The Scanning Profile will determine which tests are to be carried out against
the target site. For example, if you only want to test your website(s) for SQL
injection, select the profile sql_injection and no additional tests would be
performed.
Refer to the Scanning Profiles chapter in the user manual for more
information on how to customize existing profiles and create new scanning
profiles.
Scan Options
From this section you can select the Scanning Mode which will be used
during the scan. The scanning mode options are the following:
Quick - In this mode the scanner will test for just the first value of
every parameter.
The other options which you can select from this step of the wizard are:
This option will generate a lot of HTTP traffic and will extend the
scanning time if the website being scanned is very large.
Enable Port Scanning - Tick this option to run the port scanner
against the web server during a website scan. For more details about
the Port Scanner refer to page Error! Bookmark not defined.
Configuring the Port Scanner.
Note: If the scan is being launched from saved scan results, in the
Enable AcuSensor Technology section you can specify to use sensor
data from crawling results without revalidation, or to not use sensor data
from crawling results or to revalidate sensor data from the drop down
menu.
The scan wizard will automatically try to detect whether the site uses custom
error pages. If it does, WVS will display the custom error page and will
automatically attempt to locate the unique identifier of such an error page; in
this case Error 404: Page Not Found. If it does not detect custom 404 error
pages but the site uses them, then they have to be configured manually.
Note: Typically, most of the websites return 404 errors when a requested
URL is not found. If you need to configure a Custom 404 Error page, refer to
the section Settings > Scanner Settings > Custom 404 Pages in the user
manual.
10