Acunetix adds Business Logic Recorder to enable deeper vulnerability scanning of web apps

Acunetix has incorporated a brand new feature, the Business Logic Recorder (BLR), into the product. The Business Logic Recorder is a unique Acunetix feature that is designed to enable effective testing of particular scenarios, especially multi-step web forms, which would otherwise make it impossible for a scanner to reach all areas of a web application.

Web applications process user input data in the background but an automated scanner cannot recognize the meaning of this data. In many cases, the application may behave differently depending on the data that the user selects or enters.

BLR essentially allows the security engineer to record a number of sequences, ensuring that the scanner can reach all valid variations for vulnerability testing.

“Many web applications, including those with shopping carts, use multi-step forms,” said Nicholas Schiberras, Acunetix Chief Technology Officer.

“Acunetix is the only automated web vulnerability scanners that allows security professionals to quickly and easily overcome constraint barriers and test all corners of these web applications without extensive manual work.”

The Business Logic Recorder is designed to enable effective testing of particular scenarios. It allows administrators to define multiple input sequences to ensure the scanner:

• Reaches and tests all variations of multi-step web forms or other web application workflows.
• Fulfills particular constraints to reach parts of a web application, which an automated scanner would otherwise not be able to test.

The Business Logic Recorder is available for every target in the latest release of Acunetix v13.