When you build web applications, you often use multiple back-end web services to interface between client-side and server-side applications. For example, enterprises often use separate functional subdomains to serve static content or to split application logic across API requests. To scan the entire web application, the web vulnerability scanner must scan all such subdomains.
By default, Acunetix will not scan any content that is hosted on domains other than the target domain because such content is considered out of scope. However, Acunetix has a function called allowed hosts that lets you widen the scope of the scan to include content hosted on other specific hosts. These hosts can include content delivery networks or APIs used to provide services to the main target.
Configuring an Allowed Host
For the purposes of this post, let’s say that testphp.vulnweb.com is the main target and testhtml5.vulnweb.com is an allowed host of the main target. Let us also assume that testhtml5.vulnweb.com is being used as an API to retrieve content from a user database and provide it to the main target, testphp.vulnweb.com.
You must configure the allowed host as a separate target in the following way:
- Click on the Add Target button on the Targets page.
- Fill in the fields and click on the Add Target button.
- The target configuration page appears. You can configure additional settings for the allowed host on the target configuration page.
By default, the Acunetix scanner will limit the scan scope to the main target. Other domains, including subdomains, will be excluded from the scan. To include an additional domain when scanning the main target, you can enable the Allowed Hosts option from the Advanced section in the main target settings:
- Go to the Targets page and click on the main target.
- Click on the Advanced tab of the target configuration page. Toggle the Allowed Hosts option and select the allowed host.
Once the allowed host has been configured, a scan on the main target (http://testphp.vulnweb.com) will also include a scan on the allowed host target (http://testhtml5.vulnweb.com), provided that the main target leads to the allowed host in some way (for example, there are links from the main target to the allowed host).
You can use the allowed hosts functionality according to your needs. An allowed host may be an additional subdomain used by your web application or a completely separate domain used for an API. For example, you can add https://api.example.com as an allowed host to the main target https://www.example.com.
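To make the scope rules above concrete, here is an added example (not Acunetix code) that models how a crawler restricts itself to the main target plus its allowed hosts: hosts are matched exactly (so a subdomain of the target is not implied), and an allowed host is only reached through links discovered on in-scope pages. The link graph is constructed for this illustration and uses the same two vulnweb.com hosts as the post.

```python
from collections import deque
from urllib.parse import urlparse

# Constructed link graph standing in for pages the crawler would fetch.
# testphp.vulnweb.com is the main target, testhtml5.vulnweb.com is the
# allowed host (the API it calls), and the remaining hosts are out of scope.
SAMPLE_LINKS = {
    "http://testphp.vulnweb.com/": [
        "http://testphp.vulnweb.com/login.php",
        "http://testhtml5.vulnweb.com/api/users",
        "http://cdn.example.invalid/app.js",           # host never allowed
        "http://static.testphp.vulnweb.com/logo.png",  # subdomain: excluded by default
    ],
    "http://testphp.vulnweb.com/login.php": ["http://testphp.vulnweb.com/"],
    "http://testhtml5.vulnweb.com/api/users": ["http://testhtml5.vulnweb.com/api/users/1"],
    "http://testhtml5.vulnweb.com/api/users/1": [],
    # Only linked from an out-of-scope page, so the crawler never sees it.
    "http://cdn.example.invalid/app.js": ["http://testhtml5.vulnweb.com/api/admin"],
}


def in_scope(url, main_target, allowed_hostnames):
    """Exact hostname match against the target or an allowed host."""
    host = urlparse(url).hostname
    return host == urlparse(main_target).hostname or host in allowed_hostnames


def crawl(main_target, allowed_hosts, links):
    """Breadth-first link walk that queues only in-scope URLs.

    allowed_hosts may be given as URLs or bare hostnames. Returns the set of
    visited URLs and the set of URLs that were seen but dropped as out of scope.
    """
    allowed = {urlparse(h).hostname or h for h in allowed_hosts}
    visited, dropped = set(), set()
    queue = deque([main_target])
    while queue:
        url = queue.popleft()
        if url in visited:
            continue
        visited.add(url)
        for link in links.get(url, []):
            if in_scope(link, main_target, allowed):
                queue.append(link)
            else:
                dropped.add(link)
    return visited, dropped
```

Running `crawl("http://testphp.vulnweb.com/", ["http://testhtml5.vulnweb.com"], SAMPLE_LINKS)` visits the API pages because the main target links to them, while the same call with an empty allowed-host list drops the API link as out of scope.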