Setting up Acunetix OVS takes quite a few steps, but they are easy. First, register an account with Acunetix Web Vulnerability Scanner; you cannot use the service without one. You can sign up on the Acunetix website ⇒ Register Acunetix.
To start the trial, make sure the details you enter in the registration form are correct. After you submit the form, a confirmation email is sent to the email address you registered with. Click the link in that email to confirm.
Important: Registration requires a password that is at least 8 characters long and contains the following 3 items – numbers, lowercase letters, uppercase letters and special characters (for example @ # $ % !).
The Acunetix OVS trial version lasts only 14 days. During the trial you can scan up to 2 targets, and reports in PDF format and full reports are not available to you.
You can log in to your Acunetix OVS account at https://ovs.acunetix.com. Use the email address and password you provided during registration.
After you log in, you land on your Acunetix dashboard page. The next step is to configure a scan target; once it is configured, the target can be scanned repeatedly. To add a scan target, click the “Scan Target” menu and select “Add Scan Target”.
Enter the Name, the Description and the URL of the website or web application, or the IP of the server, that you want to scan. Once all fields are filled in correctly, click the “Add Scan Target” button.
Web Scan Verification
After you create a new scan target, you will be asked to verify ownership of the scan target. Scan target verification depends on the type of scan you choose.
To verify a Web scan, follow these 3 steps (see also the picture above):
- Download the verification file provided by clicking the “Download File Verification” button.
- Upload the verification file to the root directory of your web folder (using FTP or the upload function in cPanel Hosting).
- Return to the Acunetix OVS page and click the “Verify Scan Target” button to complete the verification process.
Note: The verification file must stay in the root of the site, because Acunetix OVS checks for it every time the server is scanned.
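A pre-check you can run before clicking the verify button, added here as an example (it is not Acunetix code and not part of the original tutorial): it confirms that the site root serves the exact bytes of the verification file you downloaded. The file name is whatever Acunetix gave you; the function names and the byte-for-byte comparison are assumptions of this example.

```python
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit, urlunsplit


def verification_url(target_url, local_path):
    """URL where the file must be reachable: the site root, not the
    sub-path or query string of the scan target."""
    parts = urlsplit(target_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("target must be an absolute http(s) URL")
    name = os.path.basename(local_path)  # keep only the bare file name
    return urlunsplit((parts.scheme, parts.netloc, "/" + name, "", ""))


def check_verification_file(target_url, local_path, timeout=10):
    """Return (ok, detail). ok is True only when the site root answers
    with the same bytes as the locally downloaded verification file."""
    with open(local_path, "rb") as fh:
        expected = fh.read()
    url = verification_url(target_url, local_path)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as exc:
        # Typical causes: uploaded to a sub-folder, or removed after setup.
        return False, f"{url} returned HTTP {exc.code}"
    except urllib.error.URLError as exc:
        return False, f"{url} unreachable: {exc.reason}"
    if body != expected:
        # Catches "soft 404" pages and files altered during upload
        # (for example by an FTP client in ASCII mode).
        return False, f"{url} serves different content"
    return True, f"{url} serves the verification file"


if __name__ == "__main__":
    import sys
    # Usage: python check_verify.py <scan target URL> <downloaded file>
    ok, detail = check_verification_file(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

Because the file is re-checked on every scan, the same check is worth running after each deployment that rebuilds the web root.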
Network Scan Verification
- For a Network scan, you need to confirm that your account details are authentic and request that they be verified by an Acunetix representative.
- From within your scan target configuration, in Network Scan Verification, click “Proceed to verify my details”, or go directly to the Profile menu.
- Confirm that your account details are correct, and update them if needed.
- From within the Account Verification section, you can request verification of your account details.
- A representative from Acunetix will contact you within 24 hours to complete verification.
- After your account details have been verified, you can start a network vulnerability scan on all scan targets that you have entered.
Web Server Scan Settings
In the web server scan settings, you can configure the authentication settings needed to access restricted areas in your website. You can also generate a unique AcuSensor agent for the scan target.
Configuring Web Site Authentication
If the new scan target is a web application or website, you might need to scan restricted areas in the web application. The information used to access restricted areas is configured under Web Server Scan Settings in the scan target configuration.
In most cases, you can choose to use ‘Automatic Login (for simple web applications)’. You only need to provide a Username and Password to access the restricted area. The scanner will automatically detect the login link, logout link and the mechanism used to keep the session active.
Once all of the above configuration is done, you can start scanning: click the Launch Scan menu and you will see a list of the scan targets you have entered. To run a scan, check the scan target you want to scan and click “Scan Now”. You can also set a scan schedule by going to the Scans » Schedule Scans menu.
Below is an explanation of the severity status of the vulnerabilities found:
One of the key components of the scan results is a list of all vulnerabilities found in the scan target during the scan. Depending on the type of scan, these can be either Web Alerts or Network Alerts, and they are categorized according to 4 severity levels:
- High Risk Alert Level 3: Vulnerability categorized as the most dangerous, which places the scan target at maximum risk for hacking and data theft.
- Medium Risk Alert Level 2: Vulnerability caused by server misconfiguration and weak site coding, which facilitates server intrusion.
- Low Risk Alert Level 1: Vulnerability that stems from lack of data traffic encryption or directory path disclosure.
- Information Alert: this is an item that has been found during a scan and is considered interesting, for example the possibility of disclosure of internal IP addresses or email addresses, or matching search strings found in the Google Hacking database, or information about services that have been found during scanning.