Acunetix Web Vulnerability Scanner first identifies web servers from a particular IP or IP range. After that, it crawls the whole site, gathering information about every file it finds, and displaying the entire website structure.
After this discovery stage, it performs an automatic audit for common security issues. Acunetix Web Vulnerability Scanner is a software that automatically detects file inclusion.
The Port Scanner and network alerts allow you to perform a port scan against the web server where the scanned website is running. When open ports are found, Acunetix WVS will perform complex network level security checks against the network service running on that port, such as DNS Open recursion tests, badly configured proxy server tests, weak SNMP community strings and many other network level security checks
SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.
In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.
Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Databases are central to modern websites – they store data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders.
User credentials, financial and payment information, company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to regularly run your business.
SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.
Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.
These website features are all susceptible to SQL Injection attacks which arise because the fields available for user input allow SQL statements to pass through and query the database directly.
Acunetix AcuSensor Technology is a new security technology that allows you to identify more vulnerabilities than a traditional Web Application Scanner, whilst generating less false positives. In addition it indicates exactly where in your code the vulnerability is. The increased accuracy is achieved by combining black box scanning techniques with dynamic code analyzes while the source code is executed
Advantages of using Acunetix AcuSensor Technology:

· Allows you to locate and fix the vulnerability faster because of the ability to provide more information about the vulnerability, such as source code line number, stack trace, affected SQL query.
· We can significantly reduce false positives when scanning a website because we can internally understand better the behaviour of the web application.
· Can alert you of web application configuration problems which could result in a vulnerable application or expose internal application details. E.g. If ‘custom errors’ are enabled in .NET, this could expose sensitive application details to a malicious user.
· Detect many more SQL injection vulnerabilities. Previously SQL injection vulnerabilities could only be found if database errors were reported or via other common techniques.
· Ability to detect SQL Injection vulnerabilities in all SQL statements, including in SQL INSERT statements. With a black box scanner such SQL injections vulnerabilities cannot be found.
· Ability to know about all the files present and accessible though the web server. If an attacker will gain access to the website and create a backdoor file in the application directory, the file will be found and scanned when using the AcuSensor Technology and you will be alerted.
· AcuSensor Technology is able to intercept all web application inputs and builds a comprehensive list will all possible inputs in the website and tests them.
· No need to write URL rewrite rules when scanning web applications which use search engine friendly URL’s! Using AcuSensor Technology the scanner is able to rewrite SEO URL’s on the fly.
· Ability to test for arbitrary file creating and deletion vulnerabilities. E.g. Through a vulnerable scripta malicious user can create a file in the web application directory and execute it to have privileged access, or delete sensitive web application files.
· Ability to test for email injection. E.g. A malicious user may append additional information such as a list or recipients or additional information to the message body to a vulnerable web form, to spam a large number of recipients anonymously.

Limitations:
· Does not allow saving and generation of scan reports
· Nag screen

What's New in This Release:
New Security Check:
· Acunetix WVS 8 checks if your PHP-CGI installation is vulnerable to remote code execution. For further information regarding this type of vulnerability, read the PHP-CGI advisory article here.
New Features:
· Ability to edit scheduled scans. No need for scheduling new scans every time you wish to change a scan setting.
· Amend multiple scheduled scans simultaneously by selecting them and applying the required global changes.
· Save all your scanned results and access them at any time from your scheduler’s scan history. You can also delete your scanned results from the web-based scheduler.
· A new setting has been introduced to configure the maximum number of pages during a crawl.
Improvements:
· Improved Cross-Site Scripting (XSS) tests.
· The web-based scheduler has been improved to run better in the latest version of Internet Explorer.
· Enhanced SQL injection tests to reduce the false positives reporting even more.
Bug Fixes:
· The scheduled scans can be corr...