Acunetix Vulnerability Scanner May 2026

When testing for blind vulnerabilities, Acunetix generates unique payloads that trigger a DNS lookup or HTTP callback to Acunetix's own infrastructure. If that callback occurs, the scanner knows the vulnerability exists, even if the application's response looked perfectly normal.

In the modern development landscape, speed is the currency, and security is often the tax. DevOps teams push code daily, sometimes hourly. In this frenzy, traditional vulnerability scanners have become the bottleneck—slow, noisy, and riddled with false positives.

This crawler executes JavaScript, waits for async calls, fills out forms dynamically, and maps the entire DOM. It doesn't just scan page.php?id=1; it scans /#/dashboard/user/settings and every hidden API endpoint triggered by a button click.

Here are the five features that define the Acunetix advantage. Most scanners operate in the dark. They send payloads, analyze responses, and guess if a vulnerability exists. Acunetix changes the game with AcuSensor.

For modern stacks (GraphQL, REST APIs, WebSockets), this is non-negotiable. If your vulnerability scanner can't render JavaScript, it's effectively blind.

Some vulnerabilities are silent. Blind SQL injection, server-side request forgery (SSRF), and XML external entity (XXE) attacks may not return data in the HTTP response. They "phone home" to a different server hours later.

Acunetix handles this with —often called "DNS-based detection" or "collaborator channels."
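
The out-of-band correlation described above (a unique payload per probe, then a DNS or HTTP callback that confirms the finding even when the response looked normal) can be sketched as follows. This is an added illustration, not Acunetix's code: the callback zone `oob.example.test`, the log line format, the function names and the sample log lines are all assumptions constructed for the example.

```python
import re
import secrets

CALLBACK_ZONE = "oob.example.test"  # assumed callback domain, not Acunetix's

def new_probe(registry, check, location):
    """Register one probe and return the unique hostname its payload refers to."""
    token = secrets.token_hex(8)  # 16 hex characters, unguessable and unique per probe
    registry[token] = {"check": check, "location": location}
    return f"{token}.{CALLBACK_ZONE}"

# Constructed log format: "<ISO time> <DNS|HTTP> <source ip> <queried name>"
LINE_RE = re.compile(r"^(\S+)\s+(DNS|HTTP)\s+(\S+)\s+(\S+)$")

def correlate(registry, log_lines):
    """Map callback-server log lines back to the probes that caused them."""
    findings = []
    suffix = "." + CALLBACK_ZONE
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line
        when, channel, source, name = m.groups()
        name = name.rstrip(".").lower()  # resolvers may change case or add the root dot
        if not name.endswith(suffix):
            continue  # lookup for some other zone
        token = name[: -len(suffix)].split(".")[-1]  # label directly left of the zone
        probe = registry.get(token)
        if probe is None:
            continue  # internet noise or a token from another scan
        findings.append({**probe, "channel": channel, "source": source, "seen": when})
    return findings

if __name__ == "__main__":
    registry = {}
    host = new_probe(registry, "blind SSRF", "POST /import, parameter url")
    new_probe(registry, "XXE", "POST /upload, XML body")  # never calls back
    sample_log = [  # constructed lines; the callback arrives hours after the probe
        f"2026-05-01T14:32:10Z DNS 203.0.113.7 {host.upper()}.",
        "2026-05-01T14:40:00Z DNS 198.51.100.9 notatoken.oob.example.test",
    ]
    for finding in correlate(registry, sample_log):
        print(finding)
```

Because each probe carries its own token, a callback that arrives long after the request can still be attributed to the exact check and input that triggered it, and lookups with unknown tokens are discarded instead of being reported.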

Acunetix features a for authentication. An operator logs into the target app once while the browser extension records every click, token extraction, and header modification.