- If the web application or portal application requires authentication, properly set up the LSR (Login Sequence Recorder), including Restrictions and the Session detection pattern.
- Make sure that Acunetix has found all possible locations in the application. This can be augmented by pre-seeding the scan with an import file that contains all the locations in the application.
- E-SPIN particularly recommends that all customers, whatever kind of automated web scanner they use, also buy at least one Burp Suite Pro license, so that they are capable of performing manual, advanced and complex web application penetration testing for any kind of web application security testing project. The investment cost is tiny, but the tool serves well as a Swiss Army knife for expert users to accomplish many web application security testing projects and operational requirements.
- If the customer's application is in PHP, .NET, or Java, they can install AcuSensor (i.e. grey box testing) to further increase their coverage. Special remark: the respective platform agent needs to be installed on the target website; simply turning AcuSensor on from the console will not work.
Another thing E-SPIN always recommends to all customers is to equip users with adequate working knowledge of both web application security testing skills and the testing tool's features, how-to workflows and processes, so you can maximize the investment. Depending on your actual use case and how serious it is, E-SPIN has been delivering 10-day customized training and knowledge transfer sessions to help enterprise clients with extensive investment in threat and vulnerability management (TVM), covering various point-solution products working as an integrated end-to-end solution from vulnerability assessment to penetration testing (VAPT). Feel free to contact E-SPIN for all kinds of project requirements.