· Cross site scripting
· SQL injection
· CRLF injection
· Code execution
· Directory traversal
· File inclusion
· Script source code disclosure
· Discovers files/directories that may contain sensitive information
· Looks for common files (such as logs, application traces, CVS web repositories), back-up files or directories
· Finds directory listings
· Discovers directories with weak permissions
· Discovers available web server technologies (such as WebDAV, FrontPage, etc.)
· Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
· Inspects the HTTP version banners and looks for vulnerable products
· Tests password strength of applications.
Extend attacks:
· With Acunetix Web Vulnerability Scanner, you can construct HTTP/HTTPS requests and analyze the responses using the HTTP editor.
Connection spy:
· By enabling you to log, intercept and modify all HTTP/HTTPS traffic, Acunetix Web Vulnerability Scanner gives you an in-depth insight into what data your web application is sending.
Test password strength:
· To test the strength of your passwords, you can perform a dictionary attack on basic HTTP, NTLM or form-based authentication.
Test database editor:
· Acunetix Web Vulnerability Scanner includes a text database editor that permits you to add additional attacks to the test database (Enterprise & Consultant versions only).
Supports all major web technologies:
· Applications utilizing CGI, PHP, ASP, ASP.NET can all be tested for vulnerabilities.
Scanning profiles:
· Acunetix Web Vulnerability Scanner allows you to quickly scan sites with different options and identities.
Reporting:
· You can save scan sessions to MS SQL Server/Access databases and generate complex reports from previous scan sessions using information stored in the database.
Download
0 komentar:
Posting Komentar