Is Your SQL Server Susceptible to SQL Injection Attacks
You can test a single Web site by typing the address directly in the application window or load a text file with multiple addresses to test several sites at once. WVS also features a Scan Wizard that will step you through the process of determining the type of scan you want to make, the targets you want to test, and the crawling options you want to set. You can save these settings in a profile for follow-up scans.
In addition to locating pages on your site by following the links from the home page, WVS can also test pages available through a robots.txt file, if available. (For more on robots.txt, see www.searchengineworld.com/robots/robots_tutorial.htm.)
As WVS analyzes and tests pages through which it can input data, it will provide recommendations on how to fix vulnerabilities it has found and suggest resources for learning more about them. Scanning options let you determine whether to disable alerts, report server errors, or sychronize scans on multiple sites.
If the database option is enabled, the results of a scan can be used to generate reports based on three threat-level categories – high, medium and low – in addition to one that summarizes information about the scan. You can even compare the results of the current scan with those of a previous one. The information to include in the reports can be customized and saved to a file or printed.
WVS also comes with an HTTP Editor for building custom HTTP requests, a Target Finder for probing a range of IP addresses, and an Authentication Tester to test password-protected Web sites.
Overall, this is a very helpful tool for developing Web sites. It occurred to me, however, that WVS may also be a good tool for hackers as they can easily use it to find Web sites that are vulnerable to SQL Injection.
You can manually check for available updates from within the application or configure it to check automatically at application startup.
As always, support plays a vital role when selecting a tool or product. Acunetix’s main support module for the Web Vulnerability Scanner is e-mail. Using an option available from within the application itself, you can automatically gather information about your system and send it to the vendor.