Web Vulnerability Scanner v10 Product Manual
Contents
1. Screenshot: Sample Report (scan of http://testphp.vulnweb.com; start time 20/10/2014 14:47:44, finish time 20/10/2014 15:02:03, scan time 14 minutes 19 seconds; profile Default; responsive: True; server banner nginx/1.4.1; server OS unknown; server technologies PHP; Acunetix Threat Level 3, High: one or more high-severity vulnerabilities were discovered and a malicious user could exploit them to compromise the backend database and/or deface the website; alerts distribution by High, Medium, Low and Informational).
   The second method is to load the Acunetix Web Vulnerability Scanner Reporter from the Acunetix Web Vulnerability Scanner program group. This allows you to report on the scans that have been saved to the Reports database.
   1. From the Reports list, select the type of report and click on Report Wizard.
   2. In the case of a Compliance Report, select the regulatory body or standard to be used in the report. Click Next.
   Screenshot: Compliance Report Wizard, Report Style page (standards listed include the 2011 CWE/SANS Top 25 Most Dangerous Software Errors, the Health Insurance Portability and Accountability Act (HIPAA), International Standard ISO 27001 and NIST Special Publication 800-53 Revision 4).
2. Screenshot: Scheduler email notifications (fields for username and password, the email address where you will receive the email notifications, the address the notifications are sent from, e.g. no-reply@acunetix.com, and a "Click Here to Verify Settings" link).
   In this section you can specify the settings for email notifications, such as the SMTP server IP or FQDN, port, SMTP server authentication (optional) and the email address where notifications will be sent.
   Excluded hours templates
   Screenshot: Excluded Hours Templates (define time intervals when scanning is allowed or disallowed; running scans are paused and resumed accordingly; buttons Add, Remove Selected, Edit; example templates "Nine to five", "No weekends", "Except working hours").
   In the Excluded Hours Templates section you can specify a range of hours during which ongoing scans are paused, e.g. if you do not want to scan your website during times of high traffic.
   Screenshot: Excluded Hours configuration (template name; hours marked as Allowed or Not allowed).
   To add a new Excluded Hours Template, click on the Add button and then:
   1. Specify a name for the template in the Name input field.
   2. Highlight the hours of the day when scans should not run.
   3. Click OK to save the new template.
   Note: If a scan is still running
3. Screenshot: Reporter Options (Settings tree with Page Settings; default report template when called from WVS set to Developer Report; templates Affected Items, Developer Report, Executive Summary, Quick Report, Compliance Report, Scan Comparison and Monthly Vulnerabilities; cover page enabled, display left image, display right image, restore to default; report title and footer text "Acunetix Website Audit").
   General Settings: configure the default report template used for generating a report.
   Report Options: select custom icons, logos, headers and footers to customize the report.
   From the Page Settings node you can configure the default page size, orientation and margins of your reports. These settings apply to all reports.
   Saving Reports: once you have generated your report, you can use the toolbar at the top to save the report in PRE (prepared reports) format, which allows you to review the report later. You can also export the report to PDF, HTML, Text, Word Document and BMP, or print the report.
   Changing the Reporter Database: Acunetix Web Vulnerability Scanner stores the scan results in a backend database. By default Microsoft Access is used. Yo
4. Screenshot: Subdomain Scanner (the HTML source of a discovered host's response is shown in the lower pane).
   Using various techniques, the Subdomain Scanner allows fast and easy identification of active sub-domains of a top-level domain. The Subdomain Scanner can be configured to use the target's DNS server or any other DNS server specified by the user. More information about the Subdomain Scanner can be found here: http://www.acunetix.com/blog/docs/subdomain-scanner/
   Blind SQL Injector
   Screenshot: Blind SQL Injector (the HTTP Request tab holds the request to test, GET /artists.php HTTP/1.1 against Host testphp.vulnweb.com:80 with Cookie mycookie=3, with the artist parameter marked as the injection point; the results pane lists the enumerated artists table columns artist_id (int), aname (varchar) and adesc (text) with sample row data).
   Activ
5. http://www.facebook.com/Acunetix
6. Screenshot: Site Structure (crawler results with file names and HTTP status, e.g. Templates Ok 200, wvstests Ok 200, _mmServerScripts Ok 200, 404.php Ok 200, adminPan3l Found 302, artists.php Ok 200, cart.php Ok 200, categories.php Ok 200).
   In the Crawler results Site Structure node, color codes are used to show different file statuses. The filename color coding is as follows:
   - Green: these files will be tested with AcuSensor Technology, resulting in more advanced security checks and fewer false positive alerts. From the AcuSensor Data tab the user can see what data related to these files is being returned by the AcuSensor. Such information is useful to know which SQL queries were executed or whether the selected file uses functions which are monitored by AcuSensor.
   - Blue: the file was detected during a vulnerability test and not by the crawler. Most probably such files are not linked from anywhere on the target website.
   - Black: files discovered by the crawler.
   For every discovered item, more detailed information is available in the information pane on the right-hand side:
   - Info: generic information such as file name, page title, path length, URL etc.
   - Referrers: the files or pages that linked to the tested file.
   - HTTP Headers: the HTTP headers of the request sent to the web server to retrieve the selected file and the HTTP response headers
7. Screenshot: Select Compliance Report (standards listed include OWASP Top 10 2013, Payment Card Industry Data Security Standard version 3.0, Sarbanes-Oxley Act of 2002, DISA STIG Web Security and the Web Application Security Consortium Threat Classification; the description shown for PCI DSS reads: "The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data.").
   You can then select to show the results of all the scans stored in the Reports database, or to filter the scans that are displayed based on specific scan criteria. Click Next.
   Screenshot: Filter Scans (if you have a big database of scan results you may want to filter the results displayed on the selection page; options: number of scans to show (25), filter by start URL/target, filter by date, hide not responsive, hide aborted).
   4. Select the scan that you would like to report on.
   Screenshot: Select Scan (select the scan result which will be the source of the report; individual alerts can also be selected).
8. Screenshot: Grouping of vulnerabilities (a verified SQL injection alert whose description reads "This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable"; the alert affects artists.php and was discovered by the Scripting (Sql_Injection.script) module; vulnerability details list the source file /var/www/artists.php at line 61, the SQL query executed against the artists table with the injected value between the ACUSTART and ACUEND markers, and that mysql_query was called; attack details show the URL-encoded GET input artist set to the marked value, with a View HTTP headers link; the tree groups further affected pages such as AJAX/infoartist.php, AJAX/infocateg.php, AJAX/infotitle.php, cart.php, guestbook.php, listproducts.php, Mod_Rewrite_Shop/buy.php, Mod_Rewrite_Shop/details.php, Mod_Rewrite_Shop/rate.php and product.php).
   If the same type of vulnerability is detected on multiple pages, the scanner groups them under one alert node. Expanding the alert node reveals all the vulnerable pages. Expand further to view the vulnerable parameters for the selected page.
   Saving/Loading Scan Results
9. Screenshot: Acunetix .NET AcuSensor Technology Agent.
   4. On start-up, the Acunetix .NET AcuSensor Technology Installer retrieves a list of .NET applications installed on your server. Select which applications you would like to inject with AcuSensor Technology and select the Framework version from the drop-down menu. Click on Inject Selected to inject the AcuSensor Technology code into the selected .NET applications. Once the files are injected, close the confirmation window and also the AcuSensor Technology Injector.
   Note: The AcuSensor installer will try to automatically detect the .NET Framework version used to develop the web application, so you do not have to manually specify which framework version was used from the Target Runtime drop-down menu.
   Installing the AcuSensor agent for PHP websites
   This section describes how to install AcuSensor in an ASP.NET web application.
   1. Locate the PHP AcuSensor file of the website you want to install AcuSensor on. Copy the acu_phpaspect.php file to the remote web server hosting the web application. The AcuSensor agent file should be in a location where it can be accessed by the web server software. Acunetix AcuSensor Technology works on websites using PHP version 5 and up.
   2. There are 2 methods to install the AcuSensor agent: one method can be used for Apache servers and the other method can be used for both IIS and Apache servers.
   Method 1: Apache .htaccess file. Create a .htaccess file in the websi
10. WASC is a non-profit organization made up of an international group of security experts which has created a threat classification system for web vulnerabilities. This report groups the vulnerabilities identified on your site using the WASC threat classification system.
   Scan Comparison Report
   Screenshot: Acunetix WVS Reporter, Scan Comparison (scan details list the first scan, http://testphp.vulnweb.com:80, and the second scan, http://testphp.vulnweb.com, with the warning "The URL of the two scans is not matching. Comparing two totally different scans can lead to misinformation."; both scans show Acunetix Threat Level 3, High, with the note that one or more high-severity vulnerabilities were discovered and a malicious user could exploit them to compromise the backend database; the site tree lists directories such as admin, CVS, Flash, images, Mod_Rewrite_Shop, Templates and wvstests/pmwiki_2_1_19/scripts, each with a Documentation file alert for its Read Me.txt).
11. When a scan is completed you can save the scan results to an external file for analysis and comparison at a later stage. The saved file contains all the scans from the current session, including alert information and site structure.
   - To save the scan results, click the File menu and select Save Scan Results.
   - To load the scan results, click the File menu and select Load Scan Results.
   Scanning Web Services
   Web Services, like any other internet-dependent systems, present new exploit possibilities and increase the need for security audits. The Web Services Scanner performs automated vulnerability scans for Web Services and generates a detailed security report of the results.
   Screenshot: Web Services Scanner (WSDL URL http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL, profile ws_default; the alerts summary shows 4 alerts and Acunetix Threat Level 3, High, including SQL injection (2) on the Service/ServiceSoap/GetUserInfo operation's username parameter and the corresponding Service/ServiceSoap12 operation).
12. for a Cross-Site Scripting alert, the name of the exploited input variable and the string it was set to will be displayed. You can also find the HTTP request sent to the web server and the response sent back by the web server, including the HTML response. The attack can be inspected and re-launched manually by clicking Launch the attack with HTTP Editor. For more information please refer to http://www.acunetix.com/blog/docs/http-editor/
   - How to fix this vulnerability: guidance on how to fix the vulnerability.
   - Detailed information: more information about the reported vulnerability.
   - Web references: a list of web links providing more information on the vulnerability to help you understand and fix it.
   Marking an Alert as a False Positive
   If you are certain that the vulnerability discovered is a false positive, you can flag the alert as a False Positive to avoid it being reported in subsequent scans of the same website. To do this, click on the Mark alert as false positive link, or right-click on the alert and select the menu option. You can remove an alert from the false positives list by navigating to the Configuration > Application Settings node in the Tools Explorer and selecting the False Positives node.
   Network Alerts
   Screenshot: Network Port Scanner and Knowledge base nodes.
   The Network Alerts node displays network-level vulnerabilities discovered in scanned network services such as DNS, FTP, SMTP and SS
13. Screenshot: Enable IIS 6 Metabase Compatibility on Windows 2008 (the Windows features list, showing items such as IP and Domain Restrictions and the Active Directory Service Interface (ADSI) APIs).
   On Windows 2008 you must also install IIS 6 Metabase Compatibility from Control Panel > Turn Windows features On or Off > Roles > Web Server (IIS) > Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility, to enable listing of all .NET applications running on the server.
   2. Copy the AcuSensor installation files to the server hosting the .NET website.
   Screenshot: Acunetix .NET AcuSensor Agent installation (installer options: installation directory, create shortcut on Desktop, create shortcut on Start Menu Programs folder, start application after the installation is completed).
   3. Double-click Setup.exe to install the Acunetix .NET AcuSensor agent and specify the installation path. The application starts automatically once the installation is ready. If the application is not set to start automatically, click on Acunetix .NET AcuSensor Technology Injector from the program group menu.
   Screenshot: Acunetix .NET AcuSensor Injector (select the applications you want to inject or uninject from the list below, with a Refresh button; applications such as acuforum and acublog are listed; Target Runtime set to .NET Framework version 2.0; buttons Inject Selected and Uninject Selected).
14. Error HTTP 500: check the response for information exposure.
   Site Structure
   The Site Structure node displays the layout of the target website, including all files and directories discovered during the crawling process.
   Screenshot: Site Structure in Acunetix Web Vulnerability Scanner Enterprise Edition (start URL http://testphp.vulnweb.com:80, profile Default; the Information tab for the selected file shows Filename artists.php, Page title artists, Filepath /artists.php, URL http://testphp.vulnweb.com/artists.php, HTTP Result Ok (200), Length 4Kb, File will be scanned: True, Content type text/html, Aspect enabled: true, Discovered from /userinfo.php, Variations 3, Status: file was processed; the site tree lists directories with their status, e.g. AJAX, bxss, CVS, Flash, hpp, images, Mod_Rewrite_Shop and pictures with Ok 200, and medias with Not Found 404).
15. Screenshot: Target Finder (the Tools Explorer lists HTTP Sniffer, HTTP Fuzzer, Authentication Tester and Compare Results; the response headers of a discovered server are shown: Date: Thu, 24 Jan 2013 12:22:57 GMT; Server: Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.5; Last-Modified: Wed, 04 Apr 2012 03:11:46 GMT).
   The Target Finder is a scanner that allows you to locate web servers (generally on ports 80 and 443) within a given range of IP addresses. If a web server is found, the scanner also displays the response header of the server and the web server software. The port numbers to scan are configurable. More information about the Target Finder can be found here: http://www.acunetix.com/blog/docs/target-finder/
   Subdomain Scanner
   Screenshot: Subdomain Scanner in Acunetix Web Vulnerability Scanner Consultant Edition (discovered hosts are listed with their IP addresses and server banners, e.g. Microsoft-IIS/6.0, and the HTML source of the selected host's response is shown in the lower pane).
16. OWASP is renowned for its work in web security, specifically through its list of the top 10 web security risks to avoid. This report shows which of the detected vulnerabilities are found in the OWASP Top 10 vulnerabilities.
   Payment Card Industry (PCI) standards (Availability: OVS and WVS)
   The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard which applies to organizations that handle credit card holder information. This report identifies vulnerabilities which might breach parts of the standard and groups the vulnerabilities by the requirement that has been violated.
   Sarbanes-Oxley Act (Availability: OVS and WVS)
   The Sarbanes-Oxley Act was enacted to prevent fraudulent financial activities by corporations and top management. Vulnerabilities detected during a scan which might lead to a breach of sections of the Act are listed in this report.
   DISA STIG Web Security (Availability: OVS and WVS)
   The Security Technical Implementation Guide (STIG) is a configuration guide for computer software and hardware defined by the Defense Information Systems Agency (DISA), which is part of the United States Department of Defense. This report identifies vulnerabilities which violate sections of the STIG and groups the vulnerabilities by the sections of the STIG guide which are being violated.
   Web Application Security Consortium (WASC) Threat Classification (Availability: OVS and WVS)
   The Web Application Security Consortium
17. Specify the name of an existing scan settings template. If no scan settings template is specified, the default scan settings template will be used.
   - Scan Mode: specify the scan mode to be used during the scan. The options are quick, heuristic and extensive. If no scan mode is specified, the default scan mode will be used.
   - Generate Report: specify whether a report should be generated after the scan. The options are yes or no. If nothing is specified, no report will be generated.
   - Report Format: if you specified the generate report option, then you have to specify the report format as well. The options available are PDF, RTF, REP or HTML. If you do not specify any format, a PDF report will be generated.
   - Notification Email Address: specify the email address where the email should be sent upon completion of the scan. If an email is not specified, the default email address configured in the Acunetix Web Vulnerability Scanner GUI will be used.
   If you would like to omit an entry so that the default value is used, simply leave a space between the commas. Some examples follow.
   Example 1: To scan testphp.vulnweb.com on the 5th of November 2014 at 10pm using the default values, use the line below in the CSV file:
   http://testphp.vulnweb.com,05112014,2200
   Example 2: To scan testasp.vulnweb.com on the 5th of November 2014 at 3:15pm using the XSS (Cross-site scripting) scanning profile, without a login sequence, with the default scan settings, using the extens
18. The Web Alerts node displays all vulnerabilities found on the target website. Web Alerts are categorized according to 4 severity levels:
   - High Risk Alert (Severity HIGH, Level 3): vulnerabilities categorized as the most dangerous, which put a site at maximum risk for hacking and data theft.
   - Medium Risk Alert (Level 2): vulnerabilities caused by server misconfiguration and site coding flaws, which facilitate server disruption and intrusion.
   - Low Risk Alert (Severity Low, Level 1): vulnerabilities derived from lack of encryption of data traffic or directory path disclosures.
   - Informational Alert (Severity INFO): items which have been discovered during a scan and which are deemed to be of interest, e.g. the possible disclosure of an internal IP address or email address, or a match for a search string found in the Google Hacking Database.
   More information about the vulnerability is shown when you click on an alert category node:
   - Vulnerability description: a description of the discovered vulnerability. The AcuSensor logo is displayed in the vulnerability description for vulnerabilities that are detected using AcuSensor Technology.
   - Affected items: the list of files vulnerable to the discovered vulnerability.
   - The impact of this vulnerability: the level of impact on the website or web server if this vulnerability is exploited.
   - Attack details: details about the parameters and variables used to test for this vulnerability. E.g.
19. can be used to generate various types of reports, including developer reports, executive reports, compliance standard reports, or a report that compares the results of two scans.
   Generating a Report from the Scan Results
   There are two ways to generate a report. After scanning a site, click on the Report button on the Acunetix toolbar. This starts the Acunetix Web Vulnerability Scanner Reporter and loads the Default Report for the scan. The Default Report used can be selected from the Reporter Settings.
   Screenshot: Acunetix WVS Reporter (the report outline lists Knowledge base, Alerts summary and Alerts details, with alert entries such as Blind SQL Injection, CRLF injection, Cross site scripting (verified), Directory traversal (verified), HTTP parameter pollution, Script source code disclosure, Server side request forgery, SQL injection (verified), Weak password, .htaccess file readable, Backup files, Directory listing, Error message on page, PHP errors enabled, PHPinfo page found, Source code disclosure, URL redirection, WS_FTP log file found, Clickjacking, Documentation file, MySQL username disclosure, Broken links, Email address found and GHDB entries).
20. during the excluded hours, the scan will be automatically paused and resumed again when scanning is allowed.
   Creating a Scheduled scan
   1. Access the Scheduler interface by clicking the Scheduler icon on the toolbar in the Acunetix Web Vulnerability Scanner interface, or browse to http://127.0.0.1:8181 using a web browser. Note: JavaScript should be enabled to access the Acunetix Scheduler web interface.
   Screenshot: Acunetix Scheduler web interface (New scan and Import CSV buttons).
   2. Click on the New scan button to add a new scan. You can add as many scans as you wish. If the scan schedules overlap, the scans will run in parallel. You can increase or decrease the number of parallel scans from the Scheduler configuration in the Acunetix Web Vulnerability Scanner application settings.
   3. If you would like to import a number of scans (up to 2,000) using a CSV file, click on the Import CSV button. You can read more about this feature later in this chapter.
   Scheduled Scan Basic Options
   Screenshot: Acunetix Scheduler, Basic options (scan type: Scan a single website; website URL; recursion; date; time; sections for Advanced options, Crawling options and Scan results and reports; OK and Cancel buttons).
   The Basic Options allow you to specify which target(s) to scan as well as the scan recur
21. identified during that month.
   Scheduling Scans
   The Scheduler application allows you to schedule scans at a convenient time without requiring Acunetix Web Vulnerability Scanner or the Acunetix Web Vulnerability Scanner Scheduler Interface to be running.
   Configuring the Scheduler service
   The Acunetix Scheduler has a web-based interface that can be configured through the Acunetix Web Vulnerability Scanner application settings. To access the Scheduler service settings, navigate to the Configuration > Application Settings > Scheduler node.
   Configuring the Scheduler web interface
   Screenshot: Scheduler web interface configuration (options: Listen on port 8181, http://localhost:8181; Allow remote computers to connect; Use HTTPS; Change administrative password).
   By default the Scheduler web interface is only accessible via localhost and on port 8181 (http://localhost:8181). If you would like the Scheduler web interface to be accessible from other remote computers, tick the Allow remote computers to connect option. When this is enabled, you will be prompted to specify a username and password, and HTTPS will be enabled automatically. For security reasons, login credentials must always be defined when the Scheduler web interface is configured to be accessed remotely.
   Note: When you change any of the Web Interface settings, restart the Acunetix WVS Scheduler service after clicking the Apply button.
22. on File > New > New Website Scan to start the Scan Wizard, or click the New Scan button on the top left-hand side of the Acunetix Web Vulnerability Scanner menu bar.
   Screenshot: Scan Wizard, Select Scan Type (options: Scan single website with a Website URL field, and Scan using saved crawling results with a Filename field; a link to the Acunetix Scheduler at http://localhost:8181/ is provided for scanning a list of websites).
   2. Specify the scan options:
   a. Scan single website: enter the URL of the target website, e.g. http://testphp.vulnweb.com
   b. Scan using saved crawling results: if you previously performed a crawl on a website, you can use the saved results to launch a scan instead of having to crawl the website again.
   3. Click Next to continue.
   Note: The Acunetix Web Vulnerability Scanner Scheduler can be used to scan websites at a specific time and to configure recurring scans.
   Step 2: Specify Scanning Profile, Scan Settings Template and
23. received.
   - Inputs: possible input parameters and values for the file.
   - View Source: the source HTML of the page.
   - View Page: the page is displayed as it is shown in a web browser. Most client-side scripts are disabled in this tab for security purposes, to avoid launching vulnerabilities against the computer on which Acunetix Web Vulnerability Scanner is running.
   - AcuSensor Data: any AcuSensor Technology data returned.
   - Alerts: a list of alerts for the selected file.
   In addition, each item contains the HTML Structure Analysis, which includes:
   - A list of links discovered in the file.
   - Comments discovered in the selected page. The information contained in the comments cannot be automatically analyzed, but may reveal interesting information about the construction and coding of the website.
   - Any client-side scripts (JavaScript, VBScript etc.) and their source code discovered in the selected page. The client web browser will execute these scripts, which might reveal information about the logic of the web application.
   - Any forms discovered in the selected object, shown in the top window. A list of parameters and their possible values is shown in the middle and bottom windows.
   - A list of META tags discovered in the selected object. META tags contain information about the website, e.g. the description and keywords META tags used by search engines. META tags with an HTTP-EQUIV attribute are equivalent to HTTP headers. Typically such META t
24. Screenshot: HTTP Fuzzer (number of requests: 1000; the request GET /listproducts.php HTTP/1.1 with the cat parameter set to the Gen_1 generator, Referer http://testphp.vulnweb.com/, Cookie mycookie=3, Host testphp.vulnweb.com, Connection Keep-alive, Accept-Encoding gzip,deflate and a User-Agent header; generators list: Gen_1, Number generator, Range 0-999, Step 1, Encoding None; buttons Add Generator, Insert into Request, Remove Generator).
   The HTTP Fuzzer enables you to launch a series of sophisticated fuzzing tests to audit the web application's handling of invalid and unexpected random data. The HTTP Fuzzer also allows you to easily create input rules for further testing in Acunetix Web Vulnerability Scanner. An example would be the following URL: http://testphp.acunetix.com/listproducts.php?cat=1. Using the HTTP Fuzzer you can create a rule that automatically replaces the last part of the URL (1) with numbers between 1 and 999. Only valid results are reported. This degree of automation allows you to quickly test the results of 1000 queries without having to perform them one by one. More information about the HTTP Fuzzer can be found here: http://www.acunetix.com/blog/docs/http-fuzzer-tool/
   Authentication Tester
   Screenshot: Authentication Tester (Target URL to test: http://testphp.vulnweb.com/login.php; authentication method: Web form based; selection of the user/password form fields).
25. to constantly monitor the security communities and find new vulnerabilities in your web application code before hackers discover them. Automated vulnerability scanning allows you to focus on the already challenging task of building a web application. An automated web application scanner is always on the lookout for new attack paths that hackers can use to access your web application or the data behind it. Within minutes, an automated web application scanner can scan your web application, identify all the files accessible from the internet and simulate hacker activity in order to identify vulnerable components. In addition, an automated vulnerability scanner can also be used to assess the code which makes up a web application, allowing it to identify potential vulnerabilities which might not be obvious from the internet but still exist in the web application and can thus still be exploited.
   Acunetix Web Vulnerability Scanner
   Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities. In general, Acunetix Web Vulnerability Scanner scans any website or web application that is accessible via a web browser and uses the HTTP/HTTPS protocol. Acunetix Web Vulnerability Scanner offers a strong and unique solution for analyzing off-the-shelf and custom web applications, including t
Screenshot: HTTP Sniffer (captured GET requests to www.acunetix.com with status, size and raw request headers)

The HTTP Sniffer acts as a proxy and allows you to capture, examine and modify HTTP traffic between an HTTP client and a web server. You can also enable, add or edit traps to capture traffic before it is sent to the web server or back to the web client. This tool is useful to:

- Analyze how Session IDs are stored and how inputs are sent to the server.
- Alter any HTTP requests being sent back to the server before they get sent.
- Manual crawling: navigate through parts of the website which cannot be crawled automatically and import the results into the scanner to include them in the automated scan.

For HTTP requests to pass through Acunetix Web Vulnerability Scanner, Acunetix Web Vulnerability Scanner must be configured as a proxy in your web browser.

HTTP Fuzzer

Screenshot: HTTP Fuzzer (toolbar, fuzzer filters)
Acunetix Web Vulnerability Scanner v10 Product Manual

Information in this document is subject to change without notice. Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Acunetix Ltd.

Acunetix Web Vulnerability Scanner is copyright of Acunetix Ltd. 2004-2015 Acunetix Ltd. All rights reserved.
http://www.acunetix.com
info@acunetix.com
Document version 10
Last updated: 26th June 2015

Table of Contents
Introduction
Overview
Installing Acunetix
Installing AcuSensor
Scanning a Website
Analysing Scan Results
Scanning Web Services
Generating Reports
Acunetix Reports
Scheduling Scans
Troubleshooting and Support

Introduction to Acunetix Web Vulnerability Scanner

Why You Need To Secure Your Web Applications

Website security is today's most overlooked aspect of securing an enterprise and should be a priority in any organization. Increasingly, hackers are concentrating their efforts on web-based applications: shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the attacked sites. A victim's website can be used to launch criminal act
Screenshot: Scanning Profile and Scan Settings template (Crawling Options page of the Scan Wizard)

Scanning Profile

The Scanning Profile will determine which tests are to be launched against the target website. For example, if you only want to test your website(s) for SQL injection, select the profile sql_injection; no additional tests will be performed. The Default scanning profile will test your website for all known web vulnerabilities. Refer to the Scanning Profiles section for more information on how to customize or create scanning profiles.

Scan Settings template

The Scan Settings template will determine what Crawler and Scanner settings are to be used during a scan. Refer to the Scan Settings templates section for more information on how to customize or create new Scan Settings templates.

Advanced Crawling Options

Tick the option Show advanced options in the scan wizard to proceed to the Advanced Crawl options, allowing you t
servers. Network alerts are categorized into 4 severity levels, similar to web alerts. The number of vulnerabilities detected is displayed in brackets next to the alert categories. Click an alert category node to view more information, similar to web alerts.

Note: You can disable network security checks by un-ticking the Enable Port Scanning option in the Scan Wizard. Network Security Checks are only performed on open ports detected during the scan, thus disabling port scanning will effectively disable all the network security checks.

Port Scanner

The Port Scanner node displays all the discovered open ports on the server. Network service banners can be viewed by clicking on an open port.

Note: Port Scanning of the target server can be enabled or disabled from Acunetix WVS > Configuration > Scan Settings > Scanning Options > Enable Port Scanning.

Knowledge Base

The knowledge base node is a high-level report that displays:

- List of open TCP ports found on the server, including the port banner.
- List of Network Services running on the web server and their response.
- List of files with inputs found on the website. The number of inputs per file is also shown.
- List of links to external hosts found on the website. E.g. testphp.vulnweb.com contains a link to www.acunetix.com.
- List of Client and Server HTTP error responses together with the HTTP requests that generated them. An example would be the response code Server Internal
web applications. The unique Acunetix AcuSensor Technology identifies more vulnerabilities than a black-box Web Application Scanner while generating fewer false positives. In addition, it indicates exactly where vulnerabilities are detected in your code and also reports debug information. Acunetix AcuSensor requires an agent to be installed on your website. This agent is generated uniquely for your website for security reasons.

Generating the AcuSensor files

First you will need to generate your unique AcuSensor files. Proceed as follows:

1. If using Acunetix WVS, open Acunetix WVS and navigate to the Configuration > Application Settings node. Click on the AcuSensor Deployment node.

Screenshot: AcuSensor Deployment settings node (password, output folder, Generate PHP AcuSensor, Generate .NET AcuSensor, Also set password in currently selected settings template, Generate AcuSensor Installation Files)

2. If using Acunetix Online Vulnerability Scanner, you can generate the AcuSensor files from the Scan Target's configuration. From Acunetix OVS, change to Scan Targets > List Scan Targets > Click on the Scan Target's n
vulnerabilities using AcuMonitor.
- Detection of Server Side Request Forgery (SSRF), XML External Entity (XXE), Mail Header Injection and Host Header based vulnerabilities using AcuMonitor.

New in Acunetix Web Vulnerability Scanner Version 9.5

- Detection of SQL Injection, XSS and other vulnerabilities in web applications implemented in Google Web Toolkit.
- Detection of vulnerabilities in JSON and XML data and HTTP HOST Headers.
- Alerts are now tagged with their CVE, CWE and CVSS.
- AcuSensor now supports .NET 4.5.
- Introduced support for CRUD (create, read, update and delete).
- New report for NIST 800-53 rev4.

Acunetix Blog and Support Page

Acunetix publishes a number of web security and Acunetix how-to technical documents on the Acunetix Web Application Security Blog: http://www.acunetix.com/blog. You can also find a number of support-related documents, such as FAQs, in the Acunetix Web Vulnerability Scanner support page: http://www.acunetix.com/support

Licensing Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner is available in 5 editions: Small Business, Enterprise, Enterprise x10 instances, Consultant and Consultant x10 instances. Ordering and pricing information can be found here: http://www.acunetix.com/ordering/pricing.htm

Perpetual or Time Based Licenses

Acunetix Web Vulnerability Scanner Enterprise and Consultant editions are sold as a 1-year subscription or perpetual license. The 1-year subsc
Screenshot: Scan Results (Web Alerts tree with alert counts, vulnerability description, affected items)

The vulnerabilities identified are shown in the Scan Results. Each vulnerability alert contains information about the vulnerability, such as POST data used, affected item, HTTP response of the server and more. If AcuSensor Technology is used, details such as source code line number, stack trace or affected SQL query which lead to the vulnerability are listed. Recommendations on how to fix the vulnerability are also shown.

6. Various reports can be generated on completed scans, including Executive Summary report, Developer report and various compliance reports such as PCI or ISO 27001.

Acunetix AcuSensor Technology

Acunetix's unique AcuSensor Technology allows you to identify more vulnerabilities than other Web Application Scanners whilst generating fewer false positives. Acunetix AcuSensor indicates exactly where in your code the vulnerability is and reports additional debug information.

Screenshot: SQL injection (verified) alert with vulnerability description
Sensor Agent from the site.
4. Close AcuSensorInjector.exe.
5. From the same directory, double-click uninstall.exe to uninstall the AcuSensor Agent files.

Note: If you uninstall the Acunetix .NET AcuSensor Technology Injector without un-injecting the .NET application, then the AcuSensor code will not be removed from your .NET application.

AcuSensor for PHP

1. If method 1 (.htaccess file) was used to install the PHP AcuSensor, delete the directive php_value auto_prepend_file <path to acu_phpaspect.php file> from .htaccess.
2. If method 2 was used to install the PHP AcuSensor, delete the directive auto_prepend_file <path to acu_phpaspect.php file> from php.ini.
3. Finally, delete the Acunetix AcuSensor PHP file acu_phpaspect.php.

Note: Although the Acunetix AcuSensor agent requires authentication, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.

Scanning a Website

NOTE: DO NOT SCAN A WEBSITE WITHOUT PROPER AUTHORIZATION. The web server logs will show your IP address and all the attacks made by Acunetix Web Vulnerability Scanner. If you are not the sole administrator of the website, please make sure to warn other administrators before performing a scan. Some scans might cause a website to crash, requiring a restart of the website.

To scan a website, you first need to perform the following steps:

Step 1: Select Target(s) to Scan

1. Click
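As an added example (not code from the Acunetix manual), a POSIX shell script that audits .htaccess and php.ini for the two auto_prepend_file directive forms the PHP uninstall steps above name and strips them, so a forgotten agent does not stay loaded after the sensor is retired; the file paths and sample file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the Acunetix manual: find and remove leftover
# AcuSensor PHP directives from .htaccess / php.ini after uninstalling the agent.
# The demo files and paths below are constructed, not real server files.

# Matches both directive forms named in the manual:
#   php_value auto_prepend_file /path/to/acu_phpaspect.php    (.htaccess)
#   auto_prepend_file = /path/to/acu_phpaspect.php            (php.ini)
ACUSENSOR_RE='^[[:space:]]*(php_value[[:space:]]+)?auto_prepend_file[[:space:]]*=?[[:space:]]*.*acu_phpaspect\.php'

# Print offending lines (with line numbers) from file $1.
# Exit status 0 when at least one directive is present, 1 when the file is clean.
find_acusensor_directives() {
    grep -nE "$ACUSENSOR_RE" "$1"
}

# Print how many directive lines file $1 contains (0 when clean).
count_acusensor_directives() {
    grep -cE "$ACUSENSOR_RE" "$1" || true
}

# Remove the directive lines from file $1 in place, keeping a .bak copy.
# Prints the number of lines removed.
remove_acusensor_directives() {
    f=$1
    before=$(count_acusensor_directives "$f")
    cp "$f" "$f.bak"
    # grep -v exits 1 when every line matched; the rewrite still happened
    grep -vE "$ACUSENSOR_RE" "$f.bak" > "$f" || true
    after=$(count_acusensor_directives "$f")
    echo $((before - after))
}

# Report each file given; return 1 if any still loads the agent.
audit_acusensor() {
    status=0
    for f in "$@"; do
        if find_acusensor_directives "$f" >/dev/null; then
            echo "AcuSensor directive still present in $f"
            status=1
        else
            echo "$f is clean"
        fi
    done
    return $status
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/.htaccess" <<'EOF'
# constructed .htaccess: one leftover AcuSensor directive among unrelated rules
RewriteEngine On
php_value auto_prepend_file /var/www/html/acu_phpaspect.php
Options -Indexes
EOF
cat > "$demo_dir/php.ini" <<'EOF'
; constructed php.ini fragment
display_errors = Off
auto_prepend_file = "/var/www/html/acu_phpaspect.php"
expose_php = Off
EOF

audit_acusensor "$demo_dir/.htaccess" "$demo_dir/php.ini" || echo "cleanup needed"
for f in "$demo_dir/.htaccess" "$demo_dir/php.ini"; do
    echo "removed $(remove_acusensor_directives "$f") line(s) from $f"
done
audit_acusensor "$demo_dir/.htaccess" "$demo_dir/php.ini" && echo "agent directives removed"
rm -rf "$demo_dir"
```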
tags control the action of browsers and may be used to refine the information provided by the actual headers. Tags using this form should have an equivalent effect when specified as an HTTP header and, in some servers, may be translated to actual HTTP headers automatically or by a pre-processing tool.

Grouping of Vulnerabilities

Screenshot: Scan Results window (Web Alerts tree grouped by vulnerability type: Blind SQL Injection, SQL injection (verified), CRLF injection/HTTP response splitting, Cross site scripting, Directory traversal, HTTP Parameter pollution, nginx SPDY heap buffer overflow, Script source code disclosure; vulnerability description pane)
alerts belonging to a specific vulnerability class or of a given severity. Only selected alerts will be included in the report.

Screenshot: Select Scan (list of scans of http://testasp.vulnweb.com, http://testhtml5.vulnweb.com and http://testphp.vulnweb.com dated 10/20/2014, with High, Medium, Low and Informational alert counts)

5. Select what properties and details the report should include. The Report Properties will vary depending on the type of report that you are generating.

Screenshot: Select Report Properties (Compliance Report Wizard: Show short summary, Show detailed report, Show affected item list, Show a list of scanned files)

6. Click the Generate button to generate the report.

7. Once the report is generated, it can be printed or exported in various formats, including PDF, Word and HTML.

Reporter Settings

The Reporter settings allow you to configure the layout and style of the generated reports. To access the report settings, navigate to the Configuration > Settings node in the Reporter Tools Explorer. From the Report Options node you can customize the layout, titles and images in the headers of the report.
name. Skip to step 6.
3. Enter a password or click on the padlock icon to randomly generate a password unique to the AcuSensor file.
4. Select Also set password in currently selected settings template to store the password specified in the scan settings template.
5. Specify the path where you want the AcuSensor files to be generated.
6. Select whether to generate files for a PHP website or a .NET website.
7. Click on Generate AcuSensor Installation Files to generate the files.
8. Depending on if you are using an ASP.NET or a PHP website, use one of the following procedures to install the AcuSensor files.

Installing the AcuSensor agent for ASP.NET Websites

The AcuSensor agent will need to be installed in your web application. This section describes how to install AcuSensor in an ASP.NET web application.

1. Install Prerequisites on the server hosting the website. The AcuSensor installer application requires Microsoft .NET Framework 3.5 or higher.

Screenshot: Add Role Services (Select Role Services for Web Server (IIS): Digest Authentication, Client Certificate Mapping Authentication, IIS Client Certificate Mapping Authentication, URL Authorization, Request Filtering)
...and Operation that must be tested.
3. Specify a value for the operation and click Send to pass the SOAP request to the web service. The web server response can then be viewed in a structured or XML view type in the lower window pane.

Response Tab: Displays the response sent back from the web service in raw XML format.

Structured Data Tab: Presents the XML data received from the web service response using a hierarchy of nodes that show the value for each element.

WSDL Structure Tab: Presents a detailed view of the web service data as provided by the WSDL Structure. The WSDL information is structured in the form of nodes and sub-nodes, and the main nodes of the tree structure are XML Schema and Services. The XML Schema node lists all the ComplexTypes and the Elements of the web service. The Services node lists all the web service ports and their respective operations, together with the resource details of the source of the SOAP data. A more detailed WSDL structure can also be shown by ticking the Show detailed WSDL structure option at the bottom of the screen. This will provide extensive information for each sub-node of the Services node structure, such as input messages and parameters.

WSDL Tab: This tab shows the actual WSDL data in the form of XML tags. Using the toolbar provided at the bottom of the screen, you can search for certain keywords or elements in the source code and also change the syntax highlighting if needed.

HTTP Editor Export

In t
web security testing services or are a hosting provider or ISP. The consultant edition also includes the capability of modifying the reports to include your own company logo. This edition does not leave any trail in the log files of the scanned server. Additional licenses are required for separate installs onto different workstations. This edition can also be upgraded to allow up to 10 simultaneous scans.

Limitations of the Trial

The trial of Acunetix Web Vulnerability Scanner, downloadable from the Acunetix website, is practically identical to the full version in functionality and features, but contains the following limitations:

- The Trial edition will expire after 15 days.
- When scanning your website, all the Web Alerts will be reported. However, you will not be able to drill down and find where the vulnerability is found in your website.
- Reports cannot be generated. Scan results will not be stored in the Reports database.
- Full scans, including detailed information on the vulnerabilities discovered, can be made against the following Acunetix test web sites:
  - http://testphp.vulnweb.com
  - http://testasp.vulnweb.com
  - http://testaspnet.vulnweb.com
  - http://testhtml5.vulnweb.com
- The Scan Scheduler is not available.

If you decide to purchase Acunetix Web Vulnerability Scanner, you will need to uninstall the trial and install the purchased edition, which must be downloaded as a separate installer file. Download the installer file us
need to change the password used by the AcuSensor agent on your website, you will need to re-generate the AcuSensor files and reinstall them on your website. Perform the following if you are using a .NET website:

1. Use the procedure in the next section to Disable and Uninstall the AcuSensor agent.
2. Configure a new password. This step can be omitted if you are using Acunetix Online Vulnerability Scanner, since a new unique and secure password is automatically generated each time the AcuSensor files are generated. The unique password is stored with the Scan Target's settings.
3. Click on Generate AcuSensor installation files.
4. Proceed with installing the new AcuSensor files.

If you are using a PHP web application, you will just need to overwrite the old acu_phpaspect.php with the new acu_phpaspect.php file.

Disabling and uninstalling AcuSensor

To uninstall and disable the sensor from your web site:

AcuSensor for ASP.NET websites

1. Browse to the installation directory where the AcuSensor Agent was installed.
2. Open AcuSensorInjector.exe.

Screenshot: Select website and click Uninject Selected (Acunetix .NET AcuSensor Injector: select the applications to inject/uninject, target runtime .NET Framework version, Inject Selected, Uninject Selected)

3. Select the website where the AcuSensor agent is installed and click on Uninject to remove the Acu
from the Windows Services console.

Scan Options

Screenshot: Scheduler scan options (scan results save folder, parallel scans max 10)

In the Scheduler Scan Options you can specify the path where the Acunetix Web Vulnerability Scanner scan results should be saved. By default, the scan results are saved in the My Documents folder of the Windows Public user profile, in the Acunetix WVS sub-directory.

Scanning multiple websites

From this section you can also configure the number of parallel scans launched in Acunetix Web Vulnerability Scanner. E.g. if you want to scan 4 websites and their scan schedule overlaps, instead of the scans being queued, another instance of Acunetix Web Vulnerability Scanner is automatically started and the scans will be launched in parallel. If you are scanning a large number of websites, it is suggested to increase the number of parallel scans so their schedule does not overlap. The maximum number of parallel scans is 10 if you have the x10 instances license.

Note: The maximum number of scheduled scans that can be configured in the Acunetix Web Vulnerability Scanner scheduler is 2000.

Configuring Email notifications

Screenshot: Email Notifications (send email notifications when scans are finished; SMTP server IP/hostname and port; the SMTP server requires authentication
technologies.

Note: If a specific web technology is not listed under Optimize for the following technologies, it does not mean that it is unsupported by Web Vulnerability Scanner, only that there are no vulnerability tests exclusive to that technology.

Step 4: Configure Login for Password Protected Areas

Two types of Login mechanisms are commonly used on the web:

HTTP Authentication: This type of authentication is handled by the web server, where the user is prompted with a password dialog. Scanning an HTTP password protected area requires that you either enter the credentials during the crawling of your web application, or you have the credentials pre-configured in Acunetix. This is covered in more detail here.

Forms Authentication: This type of authentication is handled via a web form and not via HTTP. The credentials are sent to the server for validation by a custom script. Scanning websites using forms-based authentication is done using the Login Sequence Recorder and is covered in more detail here.

Step 5: Finalize Scan Options

Screenshot: Finish (after analysing the website responses, a list of recommendations for the current scan: additional hosts detected, to be ticked for inclusion in the scan; option to save the customized scan settings for future scans)
the Web Services Editor, you can export a SOAP request to the HTTP Editor by clicking on the HTTP Editor button in the Web Services Editor toolbar. The HTTP Editor tool will automatically import the data so the request can be customized and sent as an HTTP POST request.

Generating Reports

Screenshot: The Reporter Application (WVS Reporter with Developer Report, Executive Summary, Quick Report, Compliance Report, Scan Comparison, Monthly Vulnerabilities, Report Wizard, Generate Report, Report Preview and Database Explorer)

The Acunetix Web Vulnerability Scanner Reporter is a standalone application that allows you to generate reports for the security scans performed using Acunetix Web Vulnerability Scanner. The Reporter can be launched after completing a scan or from the Acunetix Web Vulnerability Scanner program group and
those utilizing JavaScript, AJAX and Web 2.0 web applications. Acunetix has an advanced crawler that can find almost any file. This is important since what is not found cannot be checked.

How Acunetix Web Vulnerability Scanner Works

Acunetix Web Vulnerability Scanner works in the following manner:

1. Acunetix DeepScan analyses the entire website by following all the links on the site, including links which are dynamically constructed using JavaScript, and links found in robots.txt and sitemap.xml if available. The result is a map of the site, which Acunetix Web Vulnerability Scanner will use to launch targeted checks against each part of the site.

Screenshot: Crawler Results (site structure of http://testphp.vulnweb.com with HTTP result, content type and inputs per file)

If Acunetix AcuSensor Technology is enabled, the sensor will retrieve a listing of all the files present in the web application directory and add the files not found by the crawler to the crawler output. Such files usually are not discovered by the crawler as they are not accessible from the web server or not
Screenshot: Web Services Scanner (scan of http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL with the ServiceSoap and ServiceSoap12 ports and their operations, alert summary and statistics)

Starting a Web Service Scan

1. From the Tools Explorer, select Web Services Scanner and click the New Scan button in the toolbar to launch the Web Service Scan Wizard. Specify the URL of an online or local WSDL and choose a scanning profile. Click Next to proceed.
2. In the Selection step, select the Web Services Ports and Operations that must be scanned. The number of inputs accepted by each operation and the URL of the ports will be displayed in the Details section.
3. Enter specific input values (optional) for the scanner to use as Web Service Operations in the Default Values step.
4. Proceed to the scan summary, review it and click Finish to launch the scan.

Web Services Editor

Screenshot: Web Services Editor
using the link provided by our sales team and double-click to begin the setup. You will be prompted to remove the trial and install the full edition. All settings from the previously installed version will be retained. Once the installation is complete, you will be prompted to enter the License key.

Installing Acunetix Web Vulnerability Scanner

Minimum System Requirements

- Operating system: Microsoft Windows XP and later
- CPU: 32-bit or 64-bit processor
- System memory: minimum of 2 GB RAM
- Storage: 200 MB of available hard disk space
- Microsoft Internet Explorer 7 or later (some components of Internet Explorer are used by Acunetix)
- Optional: Microsoft SQL Server for the reporting database. By default, a Microsoft Access database is used (Microsoft Access is not required).

Installing Acunetix Web Vulnerability Scanner

1. Download the latest version of Acunetix Web Vulnerability Scanner from the download location provided when you purchased the license.
2. Double-click the webvulnscan.exe file to launch the Acunetix Web Vulnerability Scanner installation wizard and click Next when prompted.
3. Review and accept the License Agreement.
4. Select the folder location where Acunetix Web Vulnerability Scanner will be installed.
5. The installation will prompt you to install a unique root certificate used for HTTPS traffic and to create a desktop shortcut.
6. Click Install to start the installation. Setup will now copy all files and ins
Screenshot: Blind SQL Injector

Ideal for penetration testers, the Blind SQL Injector is an automated database data extraction tool with which you can make manual tests to further analyze SQL injections reported during a scan. The tool makes use of Blind SQL Injection techniques to enumerate databases and tables, dump data and also read specific files on the file system of the web server if an exploitable SQL injection is discovered. With the Blind SQL Injector tool you can also run manual tests to check for different variants of SQL injection. Using this tool you can also run custom SQL Select queries against the database. More information about the Blind SQL Injector can be found here: http://www.acunetix.com/blog/docs/blind-sql-injector-tool

HTTP Editor

Screenshot: HTTP Editor (POST request to guestbook.php with request headers, request data and response headers panes)
extensive scanning mode, generate a PDF report and send the results to results@myemail.com, use the below example:

http://testasp.vulnweb.com,05112014,1515,XSS,extensive,yes,PDF,results@myemail.com

Note: Scans imported from a CSV file will only be executed once. It is not possible to configure recurring scans using the CSV file import feature.

Troubleshooting and Support

User Manual

The most common queries can be answered by consulting this user manual.

Frequently Asked Questions

Our support team maintains a list of frequently asked questions at http://www.acunetix.com/support/faq

Acunetix Blog

We highly recommend that you follow our security blog by browsing to http://www.acunetix.com/blog

Request Support

If you encounter persistent problems that you cannot resolve, we encourage you to contact the Acunetix Support team via email at support@acunetix.com. Please include any information you think is useful to help us diagnose your issue, such as information on the web technologies being used, screenshots showing the problem, etc. Please also include the license key information in the support email. We will do our best to answer your query within 24 hours or less, depending on your time zone.

Knowledge base / Support page

You can also explore the Acunetix knowledge base and other support options by browsing to http://www.acunetix.com/support

Acunetix Facebook page

Join us on Facebook for the latest product and industry updates.
activities such as hosting phishing sites or to transfer illicit content, while abusing the website's bandwidth and making its owner liable for these unlawful acts. Hackers already have a wide repertoire of attacks that they regularly launch against organizations, including SQL Injection, Cross Site Scripting, Directory Traversal Attacks, Parameter Manipulation (e.g. URL, Cookie, HTTP headers, web forms), Authentication Attacks, Directory Enumeration and other exploits. The hacking community is also very close-knit; newly discovered web application intrusions, known as Zero Day exploits, are posted on a number of forums and websites known only to members of that exclusive underground group. Postings are updated daily and are used to propagate and facilitate further hacking.

Web applications (shopping carts, forms, login pages, dynamic content and other bespoke applications) are designed to allow your website visitors to retrieve and submit dynamic content, including varying levels of personal and sensitive data. If these web applications are not secure, then your entire database of sensitive information is at serious risk. A Gartner Group study reveals that 75% of cyber attacks are done at the web application level.

Why are web applications vulnerable?

- Websites and web applications are easily available via the internet 24 hours a day, 7 days a week to customers, employees, suppliers and therefore also hackers.
- Firewalls and SSL provide n
Screenshot: PCI compliance report in the Reporter (Compliance at a Glance and Compliance According to Categories; this section of the report is a summary and lists the number of alerts found according to individual compliance requirements, e.g. Requirements 1.3.8, 2.1, 2.2.2, 2.2.4, 2.2.5, 2.3, 4, 4.1, 6, 6.2, 6.4.1, 6.4.4 and 6.5.1)
50. linked through the website. Acunetix AcuSensor also analyses files which are not accessible from the internet, such as web.config. After the crawling process, the Web Vulnerability Scanner automatically launches a series of vulnerability checks on each page found, in essence emulating a hacker. Acunetix Web Vulnerability Scanner also analyses each page for places where it can input data and subsequently attempts all the different input combinations. This is the Automated Scan Stage. If the AcuSensor Technology is enabled, a series of additional vulnerability checks are launched against the website. More information about AcuSensor is provided in the following section.

Scan Results
[Screenshot: Scan Results for http://testphp.vulnweb.com, showing the Web Alerts tree (Blind SQL Injection, CRLF injection/HTTP response splitting, Cross Site Scripting (verified), Directory Traversal (verified), HTTP Parameter Pollution, Macromedia Dreamweaver Remote SQL injection, PHP allow_url_fopen enabled, Script source code disclosure, SQL injection (verified)) with the vulnerability description pane for a script that is possibly vulnerable to SQL Injection attacks.]
51. lities. Previously, SQL injection vulnerabilities could only be found if database errors were reported, whereas now the source code can be analyzed for improved detection.
- Ability to detect SQL injection vulnerabilities in all SQL statements, including in SQL INSERT statements. Using a black box scanner, such SQL injection vulnerabilities cannot be found. This significantly increases the ability for Acunetix Web Vulnerability Scanner to find vulnerabilities.
- Discovers all the files present and accessible through the web server. If an attacker gains access to the website and creates a backdoor file in the application directory, the file is found and scanned when using the AcuSensor Technology, and you will be alerted.
- AcuSensor Technology is able to intercept all web application inputs and build a comprehensive list with all possible inputs in the website and test them.
- No need to write URL rewrite rules when scanning web applications which use search engine friendly URLs. Using the AcuSensor Technology, the scanner is able to rewrite SEO URLs on the fly.
- Ability to test for arbitrary file creation and deletion vulnerabilities. E.g. through a vulnerable script, a malicious user can create a file in the web application directory and execute it to have privileged access, or delete sensitive web application files.
- Ability to test for email injection. E.g. a malicious user may append additional information such as a list of recipients or addi
52. ll often allow attackers to take over the website or steal data. More information can be found at http://cwe.mitre.org/top25

The Health Insurance Portability and Accountability Act (HIPAA) (Availability: OVS and WVS)
Part of the HIPAA Act defines the policies, procedures and guidelines for maintaining the privacy and security of individually identifiable health information. This report identifies the vulnerabilities that might be infringing these policies. The vulnerabilities are grouped by the sections as defined in the HIPAA Act.

International Standard ISO 27001 (Availability: OVS and WVS)
ISO 27001, part of the ISO/IEC 27000 family of standards, formally specifies a management system that is intended to bring information security under explicit management control. This report identifies vulnerabilities which might be in violation of the standard and groups the vulnerabilities by the sections defined in the standard.

NIST Special Publication 800-53 (Availability: OVS and WVS)
NIST Special Publication 800-53 covers the recommended security controls for Federal Information Systems and Organizations. Once again, the vulnerabilities identified during a scan are grouped by the categories as defined in the publication.

OWASP Top 10 2013 (Availability: OVS and WVS)
The Open Web Application Security Project (OWASP) is a web security project led by an international community of corporations, educational institutions and security researchers
53. n using source code analyzers and black box scanning independently. The AcuSensor sensors can be inserted in the .NET and PHP code transparently. The .NET source code is not required; the sensors can be injected in already compiled .NET applications. Thus there is no need to install a compiler or obtain the web application's source code, which is a big advantage when using a third party .NET application. In the case of PHP web applications, the source is readily available. To date, Acunetix is the only Web Vulnerability Scanner to implement this technology.

Advantages of using AcuSensor Technology
- Ability to provide more information about the vulnerability, such as source code line number, stack trace, affected SQL query.
- Allows you to locate and fix the vulnerability faster because of the ability to provide more information about the vulnerability, such as source code line number, stack trace, affected SQL query, etc.
- Significantly reduces false positives when scanning a website because it understands the behavior of the web application better.
- Alerts you to web application configuration problems which can result in a vulnerable application or expose sensitive information. E.g. if custom errors are enabled in .NET, this could expose sensitive application details to a malicious user.
- Advises you how to better secure your web server settings, e.g. if write access is enabled on the web server.
- Detects more SQL injection vulnerabi
54. [Screenshot: PCI Compliance Report (continued). The "Compliance According to Categories" panel continues with Requirements 6.5.2 Buffer overflow, 6.5.3 Insecure cryptographic storage, 6.5.4 Insecure communications, 6.5.5 Improper error handling, 6.5.7 Cross-site scripting (XSS), 6.5.8 Improper Access Control, 6.5.9 Cross-Site Request Forgery, 6.5.10 Broken authentication, 8.1.6 and 8.5.13 Limit repeated access attempts, 8.2.1 Render all authentication credentials unreadable; the summary panel shows, per requirement, either the total number of alerts in the category (e.g. Requirement 4, Encrypt transmission of cardholder data across open, public networks: 2) or "No alerts in this category" (Requirements 2.2.5, 2.3, 4.1).]

Compliance Reports are available for the following compliance bodies and standards:

CWE/SANS Top 25 Most Dangerous Software Errors (Availability: OVS and WVS)
This report shows a list of vulnerabilities that have been detected in your website which are listed in the CWE/SANS top 25 most dangerous software errors. These errors are often easy to find and exploit, and are dangerous because they wi
55. [Screenshot 67: Web Services Editor. The WSDL URL http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL is imported; the toolbar drop-downs show the Service, Port (ServiceSoap12) and Operation (HelloUser), and the editor pane shows the SOAP envelope of the request with the HelloUserResult response below it.]

The Web Services Editor allows importing of online or local WSDL for custom editing and execution of various web service operations, for an in-depth analysis of WSDL requests and responses. The editor also features syntax highlighting for all languages, making it easy to edit SOAP headers and customize manual attacks. Editing and sending of Web Services SOAP messages is very similar to editing normal requests sent via the HTTP Editor.

Importing WSDL and Sending Request
1. Click on the Web Services Editor node in the Tools Explorer and enter the URL of the WSDL, or locate the local directory where the local WSDL file is stored. Click Import to import all WSDL information.
2. From the drop down menus in the toolbar, select the Service, Port an
56. [Screenshot: HTTP Editor. The response pane (tabs: Response Data, view Page, HTML Structure Analysis) shows the HTML source of the guestbook page, including its Dreamweaver template markup.]

The HTTP Editor allows you to create, analyze and edit client HTTP requests and server responses. It also contains an encoding and decoding tool to encode/decode text and URLs to MD5 hashes, UTF-7 formats and many other formats. You can start the HTTP Editor from the Tools node within the Tools Explorer. The top pane in the HTTP Editor displays the HTTP request data and headers. The bottom pane displays the HTTP response headers/data. More information about the HTTP Editor can be found here: http://www.acunetix.com/blog/docs/http-editor/

HTTP Sniffer
[Screenshot: HTTP Sniffer, with the Stop, Enable traps and Edit traps controls, status "Running on port 8080", and a captured request to http://www.acunetix.com (text/html; charset=UTF
57. [Screenshot: AcuSensor pinpoints vulnerabilities in code. The alert pane shows the SQL injection description ("SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable."), the affected item (listproducts.php), "Discovered by Scripting (Sql_Injection script)", and the AcuSensor vulnerability details: source file /var/www/listproducts.php, line 43; the SQL query executed (SELECT ... FROM users WHERE uname='...' AND pass='...', with the scanner's ACUSTART/ACUEND marker in place of the injected value); that mysql_query was called; and the attack details (the cookie input "login" was set to the marker value), with links to view the HTTP headers and the HTML response.]

The increased accuracy available for PHP and .NET web applications is achieved by combining black box scanning techniques with feedback from sensors placed inside the source code. Black box scanning does not know how the application reacts, and source code analyzers do not understand how the application will behave while it is being attacked. AcuSensor technology combines both techniques to achieve significantly better results tha
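To make the alert above concrete, here is an added Python example (not Acunetix code, and not the listproducts.php script shown in the screenshot) of the two patterns involved: a query that splices user input into the SQL text, beside the parameterized form, both run against a constructed in-memory sqlite3 users table. The probe() helper reports what a black box scanner sees per request, either a result or a database error; the "error on quote input" case is the behaviour the manual says older detection relied on, while the parameterized query treats the same input as plain data.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny users table standing in for the backend database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uname TEXT, pass TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("test", "test"), ("alice", "s3cret")])
    return conn


def login_concat(conn, uname, pw):
    """Vulnerable pattern: user input is spliced into the SQL text, which is exactly
    what the AcuSensor alert describes (input placed directly into the statement).
    A quote in the input ends the string literal early and the rest of the input
    becomes part of the statement itself."""
    sql = ("SELECT uname FROM users WHERE uname='" + uname
           + "' AND pass='" + pw + "'")
    return [row[0] for row in conn.execute(sql)]


def login_param(conn, uname, pw):
    """Hardened pattern: the statement is fixed and the values travel as bound
    parameters, so quotes and other metacharacters in the input can never change
    the structure of the query."""
    sql = "SELECT uname FROM users WHERE uname=? AND pass=?"
    return [row[0] for row in conn.execute(sql, (uname, pw))]


def probe(func, uname, pw):
    """Return ("ok", rows) or ("error", message).

    A black box scanner only observes one of these two outcomes per request; a
    database error triggered by a quote in the input is the signal that
    error-based detection depends on. When errors are suppressed, the vulnerable
    and the hardened code can look identical from the outside, which is the gap
    the in-code sensor is meant to close."""
    conn = make_db()
    try:
        return ("ok", func(conn, uname, pw))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    for name, func in (("concatenated", login_concat), ("parameterized", login_param)):
        print(name, "valid login:", probe(func, "test", "test"))
        print(name, "quote in input:", probe(func, "O'Brien", "x"))
```

Running the block shows the concatenated query failing with a syntax error for the name O'Brien, while the parameterized query simply finds no such user; the error is not only a detection signal but also the sign that a different input could have changed the statement.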
58. o pre-seed a crawl using Selenium scripts, Fiddler Session Archives, Burp Saved files and Acunetix HTTP Sniffer log files. You can also configure Acunetix to show you the list of files identified by the Crawler, giving you the option to choose which files to scan.

Step 3: Confirm Targets and Technologies Detected
[Screenshot: Scan Wizard, Selecting Targets and Technologies. The dialog asks you to wait until fingerprinting has finished and then select the targets you want to scan from the list; for every target you can enter details such as the operating system and web server technology, or change the base path, to reduce the scanning time. For the target http://testphp.vulnweb.com the detected server banner is Apache 2.0.55 (Ubuntu) with mod_python 3.1.4 and Python 2, the operating system is Unix, the web server is Apache 2.x, and the technology check boxes include PHP, Perl, mod_ssl, mod_perl, mod_python, OpenSSL, ASP and ASP.NET.]

Acunetix Web Vulnerability Scanner will automatically fingerprint the target website for the server's operating system, the web server and its web server technologies. The web vulnerability scanner will reduce the scan time by scanning only for the selected web technologies. E.g. Acunetix Web Vulnerability Scanner will not launch IIS security checks against a Linux system running an Apache web server. Click on the relevant field and change the settings from the provided check boxes if you would like to add or remove scans for specific technolo
59. o protection against web application hacking, simply because access to the website has to be made public.
- Web applications often have direct access to backend data such as customer databases.
- Most web applications are custom-made and therefore involve a lesser degree of testing than off-the-shelf software. Consequently, custom applications are more susceptible to attack.
- Various high profile hacking attacks have proven that web application security remains the most critical. If your web applications are compromised, hackers will have complete access to your backend data even though your firewall is configured correctly and your operating system and applications are patched repeatedly.
- Network security defense provides no protection against web application attacks, since these are launched on port 80, which has to remain open to allow regular operation of the business.
It is therefore imperative that you regularly and consistently audit your web applications for exploitable vulnerabilities.

The need for automated web application security scanning
Manual vulnerability auditing of all your web applications is complex and time-consuming, since it generally involves processing a large volume of data. It also demands a high level of expertise and the ability to keep track of considerable volumes of code used in a web application. In addition, hackers are constantly finding new ways to exploit your web application, which means that you would have
60. [Screenshot: Authentication Tester. The tool is configured with a "Logon has failed if Result contains ..." rule, the username dictionary path C:\ProgramData\Acunetix WVS 8\Data\General\userlist.txt and the password dictionary path C:\ProgramData\Acunetix WVS 8\Data\General\passlist.txt, and the result shows http://testphp.vulnweb.com/login.php with username test and password test.]

With the Authentication Tester you can perform a dictionary attack against login pages that use either HTTP (NTLM v1, NTLM v2, digest) or form-based authentication. This tool uses two predefined text files (dictionaries) containing a list of common usernames and passwords. You can add your own combinations to these text files. More information about the Authentication Tester can be found here: http://www.acunetix.com/blog/docs/authentication-tester/

Web Services Scanner and Web Services Editor
[Screenshot: Web Services Scanner. A scan of http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL with the ws_default profile has finished with 4 alerts; the Alerts summary lists Blind SQL Injection (2) and SQL injection (verified) (2) under the Web Services node, with the Service's ServiceSoap and ServiceSoap12 ports expanded
61. on the scanned server, allowing you to detect all the vulnerabilities that exist on your perimeter servers.

Acunetix Web Vulnerability Scanner Overview
Acunetix Web Vulnerability Scanner allows you to secure your website quickly and efficiently. It consists of the following components:
[Screenshot: Acunetix Web Vulnerability Scanner program group (Web Vulnerability Scanner Consultant Edition, Reporter, Scheduler, AcuSensor, Acunetix Web Application Security Blog).]

Web Scanner
The Web Scanner launches an automatic security audit of a website. A website security scan typically consists of two phases:
1. Crawling: making use of Acunetix DeepScan, Acunetix Web Vulnerability Scanner automatically analyzes and crawls the website in order to build the site's structure. The crawling process enumerates all files and is vital to ensure that all the files of your website are scanned.
2. Scanning: Acunetix Web Vulnerability Scanner launches a series of web vulnerability checks against each file in your web application, in effect emulating a hacker. The results of a scan are displayed in the Alert Node tree and include comprehensive details of all the vulnerabilities found within the website.

AcuSensor Technology Agent
Acunetix AcuSensor Technology is a unique technology that allows you to identify more
62. ore about writing custom web security checks at the following URL: http://www.acunetix.com/blog/docs/creating-custom-vulnerability-checks/ You can download the scripting SDK from http://www.acunetix.com/download/tools/Acunetix_SDK.zip

Reporter
The Reporter allows you to generate reports of scan results in a printable format. Various report templates are available, including summary, detailed reports and compliance reporting. The Consultant Version of Acunetix Web Vulnerability Scanner allows customization of the generated report.
[Screenshot: Typical Report including Chart of alerts.]

New in Acunetix Web Vulnerability Scanner Version 9
- Introduction of Acunetix DeepScan, which makes use of the same rendering engine used in Google Chrome and Apple Safari to better identify the web site's structure during a scan. Acunetix DeepScan provides a huge improvement in scanning of AJAX sites, JavaScript-based sites and Single Page Applications (SPA).
- Introduction of the Acunetix AcuMonitor service, which is used to identify specific vulnerabilities which require an intermediate server.
- Improved support in detecting and scanning smartphone/tablet friendly websites. When a mobile friendly site is scanned, the user is given the option to crawl and scan the site as a normal browser or as a smartphone browser.
- Full support for HTML5 websites.
- Detection of DOM-based XSS vulnerabilities.
- Detection of Blind XS
63. [Screenshot: Finalize Scan Options. The last wizard page notes that the chosen settings can be saved to a new template (via the "Save to a new template" button) if you are planning to scan more similar websites.]

Before the scan is started, the Scan Wizard will report issues which might hinder the scan. The following is a list of actions which you might be presented with:
- If an error is encountered while connecting to the target server, the error will be shown.
- If Acunetix Web Vulnerability Scanner is unable to automatically detect a custom 404 error page pattern, you will have to configure a custom 404 error page rule by clicking the Customize button. Read more about configuring Acunetix to handle Custom 404 error pages.
- If the target server is using CASE insensitive URLs, you must force case insensitive crawling. This can be done from Configuration > Scan Settings > Crawling Options > Ignore CASE differences in paths.
- If AcuSensor Technology is enabled and the target server is running PHP or .NET, you will get an error if the AcuSensor agent is not detected. Click the Customize button to install AcuSensor on the target web application.
- If additional hosts have been found to be linked to from the web site being scanned, you can optionally select to scan these too. You will require permissions to scan the selected hosts too.
- If a smartphone friendly version of the website is detected, you will be given the option to crawl and scan the site a
64. [Screenshot: Web Services Scanner (continued). The alert tree for http://testaspnet.vulnweb.com/acuservice/service.asmx lists Blind SQL injection findings on the GetUserInfo (username) operation of both the ServiceSoap and the ServiceSoap12 port.]

The Web Services Scanner allows you to launch automated vulnerability scans against WSDL-based Web Services. Web Services are commonly used to exchange data, and generally vulnerabilities in Web Services can easily be exploited in order to leak sensitive information. The Web Services Editor allows you to import an online or local WSDL for custom editing and execution of various web service operations over different port types, for an in-depth analysis of WSDL requests and responses. The editor also features syntax highlighting for all languages, to easily edit SOAP headers and customize your own manual attacks.

Acunetix Web Vulnerability Scanner SDK
[Screenshot: Web Vulnerability Scanner Scripting tool, showing a custom JavaScript check open in the editor with its documentation pane and script output.]

The Acunetix Web Vulnerability Scanner Scripting tool allows you to create new custom web vulnerability checks. These checks must be written in JavaScript and require installation of the Software Development Kit (SDK). You can read m
65. ription license expires after 1 year from the date of download or activation. The perpetual license does not expire. The Small Business version is available as a perpetual license only. If you purchase the perpetual license, you must buy a maintenance agreement to get free support and upgrades beyond the first month after purchase. The maintenance agreement entitles you to free version upgrades and support for the duration of the agreement. Support and version upgrades are included in the price of the one year license.

Enterprise Edition (Unlimited Sites/Servers)
The Enterprise edition license allows you to install one copy of Acunetix Web Vulnerability Scanner on one computer to scan an unlimited number of sites or servers. The sites or servers must be owned by yourself or your company and not by third parties. Acunetix Enterprise edition will leave a trail in the log files of the scanned server, and scanning of third party sites is prohibited by the license agreement. Additional licenses are required for separate installs onto different workstations. This edition can also be upgraded to allow up to 10 simultaneous scans.

Consultant Edition
The Consultant edition license allows you to install one copy of Acunetix on one computer to scan an unlimited number of sites or servers, including 3rd party sites, provided that you have obtained permission from the respective site owners. This is the correct edition to use if you are a consultant who provides w
66. s a normal browser or a mobile browser.
- If you have made changes to the Scan Settings template, you will be asked if you want to save the modifications to the existing or a new template.

Step 6: Start the scan
Click on Finish to start the automated scan. If the option "After crawling let me choose the files to scan" was selected in the crawling options, you will be asked to select the files to scan after Acunetix Web Vulnerability Scanner has finished crawling the site. Depending on the size of the website, the scanning profile selected and the server's response time, a scan may take several hours.

Analyzing the Scan Results
The vulnerabilities discovered during the scan of a website are displayed in real time in the Alerts node in the Scan Results window. A Site Structure node is also shown, listing the files and folders discovered.
[Screenshot: Scan Results window (Acunetix Web Vulnerability Scanner Enterprise Edition) with Start URL http://testphp.vulnweb.com:80 and Profile Default. The Tools Explorer shows the Web Scanner, Tools, Web Services and Configuration nodes; the Alerts summary reports 253 alerts, Web Alerts 253, Acunetix Threat Level 3 (one or more high severity type vulnerabili
67. [Screenshot: Scan Comparison Report. The report compares a first scan (203 total alerts) with a second scan (304 total alerts), broken down by severity (High, Medium, Low, Informational), classifies each alert as Resolved, Unchanged or New (e.g. "Hidden form input named price was found" on product.php, ".htaccess file readable", "Application error message" on listproducts.php, "Backup files" index.zip, "Blind SQL Injection" on AJAX/infoartist.php, AJAX/infocateg.php, AJAX/infotitle.php, artists.php, cart.php, guestbook.php, listproducts.php), shows a comparison chart, and notes that 19 new alerts have been discovered.]

Scan Comparison Report (Availability: WVS only)
The Scan Comparison Report allows the user to track the changes between two scan results for the same application. This report will highlight resolved, unchanged and new vulnerabilities, making it easy to track development changes affecting the security of your web application.

Monthly Vulnerabilities Report (Availability: WVS only)
This statistical report correlates the data from the scans performed in a specific month and reports on the vulnerabilities
68. should install Acunetix AcuSensor on your web application in order to improve the detection of vulnerabilities, get the line in the source code where vulnerabilities are located, and to decrease false positives.

Upgrading Acunetix Web Vulnerability Scanner
It is recommended that you backup your settings before proceeding with the upgrade, as per http://www.acunetix.com/blog/docs/backup-acunetix-settings-customizations/ To upgrade a previous version of Acunetix Web Vulnerability Scanner to the latest version:
1. Close all instances of Acunetix Web Vulnerability Scanner and related utilities such as the Reporter.
2. Optionally backup the Login Sequences if you would like to use these in the newer version. Depending on the version, these can be copied from <C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner X\Data\General\LoginSequences> for version 7 or older, or <C:\Users\Public\Documents\Acunetix WVS X\LoginSequences> for newer versions.
3. Optionally backup the Reporting Database if you would like to use it in the newer version. If you are using an Access Database, the default location of the database is <C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner X\Data\Database\vulnscanresults.mdb>.
4. From the Acunetix Web Vulnerability Scanner Program Group, select to uninstall the product.
5. Install the newer version of Acunetix Web Vulnerability Scanner.
6. To restore the Login Sequences, copy the files backed
69. sion. The recursion option gives you the option to configure the Scheduler to run a scan Once, Every Day, Every Week, Every Month or Continuous. Set a specific day number if the schedule is set to weekly or monthly, e.g. the 2nd day of the week or the 21st day of the month.

Scheduled Scan Advanced Options
[Screenshot: Acunetix Scheduler, Advanced options (Scanning profile: Default; Login sequence; Scan settings; Scan mode: Heuristic; Excluded hours; Crawling options; Scan results and reports).]

The Advanced Options allow you to configure:
- Scanning Profile
- Login Sequence
- Scan Settings template
- Scan Mode
- Excluded Hours Template

Scheduled scan results and reports
[Screenshot: Acunetix Scheduler, Scan results and reports (Save scan results to database; Save scan logs; Generate report; Report format: PDF; Report template: Developer Report; Email address for notifications).]

In the Scan results and reports section you can select to save the scan results to the reporting database, save the scan logs and generate a report. You can also specify in which format you want the report to be generated and an email address where the scan results are sent. If no email address is specified, the email address configured in
70. tall the Acunetix Web Vulnerability Scanner Scheduler service. Click Finish when ready.

[Screenshot: AcuMonitor Registration. The dialog explains that some vulnerabilities can only be detected or verified by using an intermediate server, that Acunetix AcuMonitor is used to expose these types of vulnerabilities, that your email address and license key are needed to register to this service, and that notifications of vulnerabilities exposed will be sent to the email address provided; you can register later from Configuration > Application Settings. Fields: Email address, License key; buttons: Register, Cancel.]

When you start Acunetix Web Vulnerability Scanner for the first time, you will be asked to register with the AcuMonitor Service. The AcuMonitor Service is used to automatically detect certain vulnerabilities which can only be detected using an intermediate server, such as Blind XSS, Server Side Request Forgery (SSRF) and Email Header Injection. You can register to the AcuMonitor service using your email address and your license key. Registration can also be done at a later stage from Acunetix Web Vulnerability Scanner > Configuration > Application Settings > AcuMonitor. More information on the AcuMonitor Service can be found at http://www.acunetix.com/vulnerability-scanner/acumonitor-blind-xss-detection/

Installing AcuSensor in your web application
If you need to scan a .NET or PHP web application, you
71. te directory and add the following directive:

php_value auto_prepend_file "[path to acu_phpaspect.php file]"

Note: For Windows use "C:\sensor\acu_phpaspect.php" and for Linux use "/Sensor/acu_phpaspect.php" path declaration formats. If Apache does not execute .htaccess files, it must be configured to do so. Refer to the following configuration guide: http://httpd.apache.org/docs/2.0/howto/htaccess.html The above directive can also be configured in the httpd.conf file.

Method 2: IIS and Apache (php.ini)
1. Locate the file php.ini on the server by using the phpinfo() function.
2. Search for the directive auto_prepend_file and specify the path to the acu_phpaspect.php file. If the directive does not exist, add it to the php.ini file:

auto_prepend_file="[path to acu_phpaspect.php file]"

3. Save all changes and restart the web server for the above changes to take effect.

Testing your AcuSensor Agent
To test if the AcuSensor agent is working properly on the target website, do the following:
1. In the Tools Explorer, navigate to the Configuration > Scan Settings node and select the AcuSensor node.
2. Enter the password of the AcuSensor agent file which was copied to the target website.
3. Click "Test AcuSensor installation on a Specific URL". A dialog will prompt you to submit the URL of the target website where the AcuSensor Agent file is installed. Enter the desired URL and click OK.

Changing the AcuSensor Password
If you n
72. the scheduler settings is used. In addition, the Report template field allows you to specify what report template to use. You can choose among four templates, which are Affected Items, Developer Report, Executive Summary and Quick Report.

Importing Scheduled Scans
You can also import scheduled scans from a CSV file. The format of the CSV file is described next.

CSV File Properties
Each line in the CSV file should contain only one scan. For each scan you should specify the following properties:
- URL: specify the URL with or without protocol (http and https). If no protocol is specified, http is used. This entry is mandatory.
- Date: specify the date when the scan should be launched. The date format is DDMMYYYY and should be a single string. E.g. if a scan is to be scheduled for the 5th of November 2014, the date should be 05112014. This entry is mandatory.
- Time: specify the time when the scan should be launched. The time format is 24 hours and should be a single string of 4 digits. E.g. 10am should be 1000 and 10pm should be 2200. This entry is mandatory.
- Scanning Profile: specify the name of an existing scanning profile to be used during the scan. If not specified, the default scanning profile will be used during the scan.
- Login Sequence: specify the name of an existing login sequence if you want to use a login sequence during the scan. If nothing is specified, no login sequence will be used during the scan.
- Scan Settings
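As an added example (not part of the manual, and not Acunetix's own importer), the following Python validator applies the rules listed above to a constructed CSV file before anything is scheduled, so that a malformed date or time is reported with its line number instead of silently scheduling the wrong day. It assumes the columns appear in the order the manual lists them (URL, Date, Time, Scanning Profile, Login Sequence, then the remaining columns, whose descriptions continue on the next page and are passed through unchecked); that positional column order is an assumption, as are the sample rows.

```python
import csv
import io
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional


@dataclass
class ScheduledScan:
    url: str
    start: datetime                 # Date (DDMMYYYY) and Time (HHMM) combined
    profile: Optional[str]          # None means "use the default scanning profile"
    login_sequence: Optional[str]   # None means "no login sequence"
    extra: List[str] = field(default_factory=list)  # columns not described on this page


def parse_scan_line(fields):
    """Validate one CSV record: URL, Date and Time are mandatory, Date is a single
    DDMMYYYY string and Time a single 4-digit 24-hour HHMM string."""
    if len(fields) < 3:
        raise ValueError("URL, Date and Time are mandatory")
    url, date, time = (f.strip() for f in fields[:3])
    if not url:
        raise ValueError("URL is mandatory")
    if not (url.startswith("http://") or url.startswith("https://")):
        url = "http://" + url       # manual: http is assumed when no protocol is given
    if not (len(date) == 8 and date.isdigit()):
        raise ValueError("Date must be a single DDMMYYYY string, got %r" % date)
    if not (len(time) == 4 and time.isdigit()):
        raise ValueError("Time must be a single 4-digit HHMM string, got %r" % time)
    # strptime also rejects impossible values such as day 31 of November or hour 25.
    start = datetime.strptime(date + time, "%d%m%Y%H%M")
    rest = [f.strip() for f in fields[3:]]
    profile = rest[0] if len(rest) > 0 and rest[0] else None
    login = rest[1] if len(rest) > 1 and rest[1] else None
    return ScheduledScan(url, start, profile, login, rest[2:])


def parse_schedule_csv(text):
    """Parse a whole file, one scan per line. Returns (scans, errors) where errors
    holds (line number, message) pairs so a bad line never blocks the good ones."""
    scans, errors = [], []
    for lineno, fields in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not fields or all(not f.strip() for f in fields):
            continue                # skip blank lines
        try:
            scans.append(parse_scan_line(fields))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return scans, errors


# Constructed sample input (not from the manual); the third line has an invalid date.
SAMPLE_CSV = """testphp.vulnweb.com,05112014,1000,Default,
https://testaspnet.vulnweb.com,05112014,2200,,
testphp.vulnweb.com,31112014,1000,Default,
"""

if __name__ == "__main__":
    scans, errors = parse_schedule_csv(SAMPLE_CSV)
    for scan in scans:
        print(scan.start.strftime("%Y-%m-%d %H:%M"), scan.url, scan.profile, scan.login_sequence)
    for lineno, message in errors:
        print("line %d rejected: %s" % (lineno, message))
```

Because the date and time are validated together with strptime, the checker rejects both badly shaped strings (fewer than 8 digits, letters) and well-shaped but impossible ones, which is the difference between a typo being caught at import time and a scan that never runs.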
73. [Screenshot: Scan Results showing Alerts Summary. Threat level: Level 3, High; one or more high severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website. Alerts distribution: Total alerts found 253, High 27, Medium 7, Low 16, Informational 5. Target information: http://testphp.vulnweb.com:80. Statistics: 59154 requests; scan time 16 minutes 11 seconds. Alert categories listed: CRLF injection/HTTP response splitting (verified) 1; Cross site scripting 2; Cross site scripting (verified) 38; Directory traversal (verified) 2; HTTP parameter pollution 2; nginx SPDY heap buffer overflow 1; Script source code disclosure 1; Server side request forgery 2; SQL injection (verified) 43; .htaccess file readable 1; Application error message 15; Backup files 2; Directory listing 14; Error message on page 6; HTML form without CSRF protection 6; JetBrains .idea project directory 1; PHP allow_url_fopen enabled 1; PHP errors enabled 1; PHP open_basedir is not set 1; PHPinfo page found 2; Source code disclosure 2; URL redirection 1; User credentials are sent in clear text 1; User controlled form action 1.]

Web Alerts
74. tional information to the message body to a vulnerable web form to spam a large number of recipients anonymously.

Network Vulnerability Scanning
As part of a website audit, Acunetix will execute a network security audit of the server hosting the website. This network security scan will identify any services running on the scanned server by running a port scan on the system. Acunetix will report the operating system and the software hosting the services detected. This process will also identify Trojans which might be lurking on the server. The network vulnerability scan assesses the security of popular protocols such as FTP, DNS, SMTP, IMAP, POP3, SSH, SNMP and Telnet. Apart from testing for weak or default passwords, Acunetix will also check for misconfiguration in the services detected which could lead to a security breach. Acunetix will also check that any other servers running on the machine are not using any deprecated protocols. All these lead to an insecure system which would allow an intruder to damage your web site and your reputation.
Acunetix Online Vulnerability Scanner (OVS) also integrates the popular OpenVAS network scanner to check for over 35,000 network vulnerabilities. During a network scan, Acunetix OVS makes use of various port probing and OS fingerprinting techniques to identify a vast number of devices, operating systems and server products. Numerous security checks are then launched against the products identified running
75. [Screenshot: Port Scanning. The Network Alerts node lists the open ports found: 22 ssh (banner SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu), 21 ftp (banner 220 ProFTPD 1.3.3 Server (ProFTPD) [176.2.50.165]), 25 smtp, 110 pop3, 143 imap, 443 https, 465 smtps, 993 imaps, 995 pop3s, 8443 https-alt; below it the Knowledge Base and Site Structure nodes. Status: Number of websites left to scan: 1.]

The Port Scanner performs a port scan against the web server hosting the scanned website. Where open ports are found, Acunetix Web Vulnerability Scanner will perform network level security checks against the network service running on that port. These include DNS Open Recursion tests, badly configured proxy server tests, weak SNMP community strings and many other network level security checks. You can also write your own network services security checks using the script engine. A scripting reference is available from http://www.acunetix.com/blog/docs/creating-custom-checks-acunetix-web-vulnerability-scanner/.

Target Finder
[Screenshot: Target Finder in Acunetix Web Vulnerability Scanner Consultant Edition, with IP Range 192.168.7.1-30 and List of Ports 80,443; the results list shows http://192.168.7.16:80 and https://192.168.7.1:443. The Tools Explorer alongside lists Subdomain Scanner, Blind SQL Injector and HTTP Editor.]
76. ty: OVS and WVS
The Affected Items report shows the files and locations where vulnerabilities have been detected during a scan. The report shows the severity of the vulnerability detected, together with other details about how the vulnerability has been detected.

Developer Report
Availability: OVS and WVS
The Developer Report is targeted at developers who need to work on the website in order to address the vulnerabilities discovered by Acunetix Web Vulnerability Scanner. The report provides information on the files which have a long response time, a list of external links, email addresses, client scripts and external hosts, together with remediation examples and best practice recommendations for fixing the vulnerabilities.

Executive Report
Availability: OVS and WVS
The Executive Report summarizes the vulnerabilities detected in a website and gives a clear overview of the severity level of the vulnerabilities found in the website.

Quick Report
Availability: OVS and WVS
The Quick Report provides a detailed listing of all the vulnerabilities discovered during the scan.

Network Security Report
Availability: OVS only
The Network Security Report provides detailed security information about the perimeter network server scanned by Acunetix Online Vulnerability Scanner. This information is very useful for a network security auditor or pen tester who is tasked with analysing the security of the perimeter network.

Compliance Reports
HPA Acunet
77. u might want to switch to using Microsoft SQL Server. This is recommended when scanning a lot of sites or larger sites. This can be done as follows:
1. Navigate to the Configuration > Application Settings > Database node in the Acunetix Web Vulnerability Scanner interface. Select MS SQL Server from the Database Type drop down menu.
2. Enter the Server IP or FQDN in the Server text box and the credentials to connect to the server in the Username and Password text boxes. Only SQL Authentication is supported.
3. Specify a database name in the Database text box. If the database does not exist, it will be automatically created. If the database specified already exists, you will be prompted with a confirmation to overwrite the current database structure and data.
Note: The creation of the database requires a user with SQL Administrator privileges. Once the database is created, you can change the SQL credentials to a user account with read and write permissions on the database.
It is also possible to import a database configuration file. Select Import Database Configuration and select a dbconfig file generated by the Acunetix Enterprise Reporter to automatically import the SQL database settings.

Acunetix Reports
The following is a list of the reports that can be generated from Acunetix Web Vulnerability Scanner (WVS) and Acunetix Online Vulnerability Scanner (OVS).

Affected Items Report
Availabili
78. up in 2 to <C:\Users\Public\Documents\Acunetix WVS X\LoginSequences>
7. If upgrading from version 7, the Reporting database needs to be updated before it can be used in a newer version. This can be done using the Reporting Database Upgrade tool, which can be downloaded from http://www.acunetix.com/download/tools/ConvertWVSDatabase.zip. Proceed as follows:
o If you are using an SQL database, select MS SQL Server, specify the Server, credentials and Database which needs to be upgraded, and click on the Convert button. Then configure the new version of Acunetix Web Vulnerability Scanner to use the upgraded database.
[Screenshot: Convert WVS Database dialog (Upgrade Reporting Database)]
o If you are using an Access database, select MS Access, select the database backed up in 3 and click on the Convert button. Once ready, copy the upgraded database to <C:\ProgramData\Acunetix WVS X\Data\Database\vulnscanresults.mdb>.

Installing AcuSensor
Acunetix AcuSensor increases the efficiency of an Acunetix scan by improving the crawling, detection and reporting of vulnerabilities, while decreasing false positives. Acunetix AcuSensor can be used on .NET and PHP web applications.

Installing the AcuSensor Agent
NOTE: Installing the AcuSensor Agent is optional. Acunetix Web Vulnerability Scanner is still best in class as a black box scanner, but the AcuSensor Agent improves accuracy and vulnerability results when scanning .NET and PH
79. vulnerabilities than a traditional black box web security scanner and is designed to further reduce false positives. Additionally, it also indicates the code where the vulnerability was found. This increased accuracy is achieved by combining black box scanning techniques with dynamic code analysis whilst the source code is being executed. For Acunetix AcuSensor to work, an agent must be installed on your website to enable communication between Acunetix Web Vulnerability Scanner and AcuSensor. Acunetix AcuSensor can be used with both PHP and .NET web applications.

AcuMonitor Service
Some vulnerabilities can only be detected using an intermediate service. The Acunetix AcuMonitor service allows Acunetix Web Vulnerability Scanner to detect such vulnerabilities. Depending on the vulnerability, AcuMonitor can either report the vulnerability immediately during a scan or send a notification email directly to the user if the vulnerability is identified after the scan has finished. More information on the AcuMonitor Service can be found at http://www.acunetix.com/websitesecurity/acumonitor/.

Port Scanner
[Screenshot: Acunetix Web Vulnerability Scanner Consultant Edition with the Tools Explorer open, scanning Start URL http://testphp.vulnweb.com with the Default profile; Scan Thread 1 shows the Web Alerts node.]