Penetration & WAF Testing Tools

Acunetix works with advanced tools for penetration testers to take web security testing further. You can seed Acunetix scans using external tools as well as automatically export scan results to other tools to fully protect your web applications.

Most penetration testing professionals prefer to work with a whole scope of automatic and manual tools, not just a vulnerability scanner. Acunetix lets veteran testers as well as up-and-coming security researchers perform manual tests and then use the results of these tests to seed Acunetix scans. You can import data from the following security testing proxies:

- Telerik Fiddler
- PortSwigger BurpSuite
- Postman

Automatic Web Application Firewall (WAF) configuration

Acunetix integrates with popular Web Application Firewalls (WAFs) to automatically create appropriate WAF rules. These rules protect web applications against attacks that target vulnerabilities found by the scanner. This allows you to temporarily prevent exploitation of high-severity vulnerabilities until you are able to fix them. Acunetix integrates with:

Imperva SecureSphere
F5 BIG-IP Application Security Manager
FortiWeb WAF
Citrix Web Application Firewall

WAF Auto-configuration and Itegration/Extensibility Features

Acunetix features a powerful RESTful Application Programming Interface (REST API). The REST API allows you to access and manage scan targets, scans, vulnerabilities, reports, and other resources within Acunetix in a simple, programmatic manner using conventional HTTP requests.

Intuitive and powerful API endpoints
Easily retrieve results and execute actions
Seamlessly integrate Acunetix into complex, custom workflows and processes

Frequently asked questions

What tools do pen testers use?

Penetration testers (pen testers) use a lot of automatic and manual tools. They use a vulnerability scanner to perform initial analysis and find typical vulnerabilities. Then, they perform manual penetration testing using tools such as Metasploit, W3AF, and many more. Tools are selected according to specific needs at the time.

Read about Acunetix as penetration testing software.

What is better: pen testing or vulnerability scanning?

Both penetration testing and vulnerability scanning are important. Vulnerability scanning should be performed first to save time that would be needed for manual penetration testing. Then, you should perform manual penetration tests for vulnerabilities such as business logic issues (that cannot be found using any automated tools).

Read about the relationship between penetration testing and vulnerability scanning.

How does Acunetix work with pen testing tools?

The Acunetix web vulnerability scanner is a pen testing tool in itself: an automated penetration testing tool. However, Acunetix can also work with manual penetration testing tools by importing data directly from them.

Learn how to use import files with Acunetix.

How do I use Acunetix for pen testing?

The best way to use the Acunetix web vulnerability scanner as part of penetration testing is to start with an Acunetix scan. The Acunetix scan will give you a structure of the web application and find typical vulnerabilities. You can then use the structure of the web site to dig deeper manually if needed.