Chapter 1: Information gathering and vulnerability scanning with AWVS and AppScan

  • Acunetix Web Vulnerability Scanner (AWVS for short) is a well-known web vulnerability scanning tool. It tests the security of a website by crawling it with a web crawler and checking the crawled pages for common security vulnerabilities. (Detailed description of AWVS: https://www.cnblogs.com/finer/p/9864700.html)
  • AppScan is a web application security testing tool from IBM that uses a black-box approach to scan for common web application security vulnerabilities. It works as follows: it first crawls the site starting from the visible pages, while also probing for common management back-ends; once it has collected all the pages, it uses the principles of SQL injection and cross-site scripting to test whether injection points or XSS exist; it also tests cookie management, session handling and other common web security weaknesses.

Note: When this article was written the corresponding software had not yet been installed, so the interface was studied from the teacher's explanation in the video; if the software is installed after this blog post is written, the diagrams in the article will be replaced with screenshots from the software.

I. AWVS (a Chinese-language version can be downloaded online)

1. The interface after launching the program is as follows:

2. Click New Scan (the red box) to open the scan wizard, which lets you enter the target website URL; enter the target address and click Next.

3. The first item, Scanning profile, is the scan policy. From the drop-down list you can choose a specialised scan, such as file upload vulnerabilities or blind injection vulnerabilities; the default profile is a relatively complete scan.

4. Then click Customize below it to choose the scanning behaviour; the pop-up screen is as follows. Students who understand the web and the HTTP protocol in more depth can configure these settings themselves.

5. Usually we leave the two settings above at their defaults and click Next. The interface is as follows: it shows the target address and the basic information that has already been crawled.

6. Click Next again; the following page appears.

7. The first option is to record the login yourself: click the record button, then enter the login URL.

8. On the login screen, enter the account name and password; after logging in successfully, click Finish in the bottom-right corner.

9. Save the login sequence; it is saved automatically under the program's own default path.

10. After saving, return to the previous screen; the red box in the figure automatically shows the sequence that was just saved.

11. Click Next to proceed to the login attempt.

12. When it finishes, click Finish; the red box on the right shows that the scan has started. (A site must follow the scanner's rules for the scan to work; for complex sites the scan is incomplete, so manual work is required.)

13. The interface after the scan completes: the red box on the left lists the high-risk vulnerabilities, and the frame on the right shows the corresponding parameters that we can test. (The caption text to the right of the picture is wrong; the detailed description is in the red box at the upper right.)

14. The part we should study carefully is the area under the red box: the id after the first row is the red text (Parameters) shown in the upper-right red box.

15. Paste the red text onto the original site address in the browser. If the page still loads normally, look under Tests Performed in the upper-right red box, paste that test value onto the URL as well and press Enter; the resulting page URL is shown below. (This step checks for a blind injection vulnerability.)

If the statement is substituted into the query and executed, an injection vulnerability is confirmed.
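To make step 15 concrete, here is an added Python example (not code from the original post or from either scanner) with a constructed SQLite table: the first lookup builds the statement by string concatenation, so the scanner's test value becomes part of the SQL and is executed, and a true/false pair of test values changes the result; the second lookup validates the type and binds the value as a parameter, so the same input is rejected instead of run.

```python
import sqlite3

# Constructed sample data (not from the page): a small table of articles
# looked up by an integer id query parameter, the kind of parameter the
# scanner lists under Parameters. Rows with secret = 1 must never be shown.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER, title TEXT, secret INTEGER)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?, ?)",
        [(1, "public notice", 0), (2, "draft", 1), (3, "internal memo", 1)],
    )
    return conn


def lookup_vulnerable(conn, id_param):
    """Builds the statement by string concatenation (hypothetical bug).

    Whatever follows ?id= is pasted into the SQL text, so the test values
    '1 AND 1=1' and '1 AND 1=2' give different results: the statement was
    substituted and executed, which is what step 15 checks for.
    """
    sql = "SELECT id, title FROM news WHERE secret = 0 AND id = " + id_param
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, id_param):
    """Validates the type and binds the value as a parameter.

    int() rejects anything that is not a plain integer, and the placeholder
    passes the value as data, so it can never change the query's structure.
    """
    id_value = int(id_param)  # raises ValueError for '1 AND 1=2'
    sql = "SELECT id, title FROM news WHERE secret = 0 AND id = ?"
    return conn.execute(sql, (id_value,)).fetchall()


def is_rejected(conn, id_param):
    """True if the hardened lookup refuses the input instead of running it."""
    try:
        lookup_hardened(conn, id_param)
    except ValueError:
        return True
    return False
```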

16. Enumeration vulnerabilities: important files can be discovered by brute-forcing paths.

Summary: the scanner can find most vulnerabilities, but some can only be found with additional manual work.

II. AppScan

1. The loading screen and the main interface of the software:

2. Usage is similar to AWVS: click Create a new scan.

3. In the pop-up list of predefined templates, we choose a regular scan.

4. The following interface pops up; click Next.

5. Enter the target address; once it is displayed, click Next to connect to the server.

6. Choose whether to use a proxy and whether authentication is required, then log in to the site; click Next when finished.

7. Click the option to record the login in the browser using AppScan; this matches step 7 for AWVS, so it is not demonstrated again here.

8. Choose the test policy; here we select Default and click Next.

9. Nothing needs to be changed in this step; click Finish.

10. In the pop-up dialog, select "Yes" and give the saved scan results a name of your own.

11. Start the scan.

12. Once the scan is complete, the red box on the left lists the vulnerabilities and the explanation for each is shown on the right, as follows:

Source: www.cnblogs.com/ApricityJ/p/12639417.html