Acunetix. What is the “target knowledge base”?
May 13, 2021 - 5 minutes readWith the latest update to Acunetix, we introduced a new feature called the target knowledge base. Every time you scan a target, Acunetix gathers and stores information about it. This information includes paths that make up the site structure, the location of forms and their inputs, parameters used by the web application, any APIs that are used, and the detected vulnerabilities.
Getting Better with Time
The idea behind the target knowledge base is to be able to reuse as much of this information as possible in subsequent scans to empower the Acunetix crawler. You can think of the crawler as an adventurer who is entering a maze and needs to check all available paths to reliably find his way out of the maze. In the same way that the adventurer would be much more efficient at completing his task if he had an updated map of the maze, the crawler becomes more thorough at building the site structure when it can use the target knowledge base.
With the target knowledge base, the scanner does not need to start every scan from zero. Instead, it gets a head start by using the list of URLs from the knowledge base. This is similar to supplying the scanner with an import file, which contains a list of URLs to populate the site structure before the crawler starts to work.
Leave No Spot Behind
While testing the target, Acunetix probes it by submitting various payload data values, formatted in a way that is designed to identify vulnerabilities. The way that the web application responds to the requests made by Acunetix may affect the thoroughness of each scan. Some scans may expose certain URLs while other scans may not, depending on circumstances.
With the target knowledge base, each subsequent scan goes beyond what the crawler discovers during that scan – it uses paths and locations accumulated during previous scans of the same target. This ensures that you can scan URLs that you cannot reach predictably or consistently using the regular crawl function.
In addition, many targets evolve over time as the developers add new features, change existing features, and remove functions. This means that, for example, a function that has been removed may no longer be reachable through any link or web page inside the target, but may still linger on the web server as an orphaned URL. Thanks to the target knowledge base, Acunetix can scan even these orphaned functions.
Reliable Vulnerability Verification and Self-Healing
Acunetix also stores information about all vulnerabilities identified during previous scans of the target and uses this information in subsequent scans of that target. This means that when you want to re-check whether the vulnerabilities are still there, the crawler does not need to identify them again because the scanner is aware of their possible existence.
Another nice feature is that the target knowledge base is self-healing. If you change a part of the site structure and some URLs no longer exist, the crawler will first attempt to reach all the previously stored URLs, and then remove the obsolete ones from the knowledge base. This means that even if you redesign the web application and you know that the previous site structure is no longer valid because of this redesign, a subsequent scan will automatically clean up and correct knowledge base data.
Target Knowledge Base Configuration
If for any reason you wish to temporarily run one or more scans without using the target knowledge base, you can change the settings for the target and disable the use of the knowledge base for any new scans that you launch. Then, you can enable it again to scan the regular version of the target.
You can also permanently delete the contents of the knowledge base and start accumulating new data for the target. To do this, simply expand the Advanced section of the Target Settings page and click the Delete knowledge base button in the Knowledge Base panel.
Source: Acunetix
The post Acunetix. What is the “target knowledge base”? appeared first on NSS.
Powered by WPeMatico