How does Acunetix perform an automated scan and detect vulnerabilities?
As an automated black-box web application security scanner, Acunetix performs a series of tasks to identify web application vulnerabilities as outlined below.
Target Identification
Acunetix checks if the Target in question is reachable and running a web server, and therefore serving requests over the HTTP protocol.
Acunetix fingerprints the web server to identify popular technologies that the web server might be using. This allows the scanner to identify the type of web server (e.g. Apache HTTP Server, Nginx, IIS…), the server-side language being used (e.g. PHP, ASP.NET, Java/J2EE, Python, NodeJS…) as well as the operating system the web server is running on. This information allows the scanner to automatically tune itself to the Target to be scanned – for example, certain vulnerabilities will only exist on Windows servers, or specific versions of PHP.
Site crawling and structure mapping
The index file is requested from the web server. This is determined by the start URL (e.g. http://www.example.com/ will load index.html).
Once a response is received, DeepScan is launched, executing any JavaScript present on the web page.
The Crawler, hand-in-hand with DeepScan will follow links, map input fields and parameters. This contributes to building a list of directories and files within the site.
🔍 Crawling with AcuSensor |
If AcuSensor technology is used a list of files will be accurately retrieved directly from the server via a back-end crawl. |
Security analysis performed against the site structure
Acunetix launches a number of security tests against the target website
As Acunetix discovers vulnerabilities, alerts are reported in real-time. Each alert produces detailed information about the vulnerability, recommendations on how to fix it, as well as several links through which the user can learn more about the reported vulnerability and how to fix it.
🔍 Scanning with AcuSensor |
If AcuSensor is enabled, debug information will also be reported, like the SQL query vulnerable to SQL injection and the line of vulnerable code responsible for the exploit. |
After a scan is completed, scan results may be exported to an XML format, submitted to an Issue Tracker, exported to a WAF for virtual patching, or used to generate a variety of reports.