Why Are Some Vulnerabilities Marked as Verified?
Starting from Acunetix Version 12 (build 12.0.190325161), Acunetix marks some vulnerabilities identified during a scan as verified. Verified vulnerabilities are vulnerabilities that Acunetix has detected with 100% certainty in the web application being scanned and thus they do not need to be manually verified.
Acunetix can verify vulnerabilities with or without AcuSensor, although AcuSensor does help in the verification of some vulnerabilities.
In most cases, vulnerabilities that are not marked as verified are valid vulnerabilities too, however, the way that the vulnerability was detected does not allow Acunetix to be 100% certain that the vulnerability exists. In general, Acunetix has a very low rate of false positives.
Nicholas Sciberras Chief Technical OfficerLinkedIn: https://www.linkedin.com/in/nicholas-sciberras/
As the CTO at Acunetix, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams and provided technical training.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Nicholas Sciberras. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/dsOHt3XRHhY/
