Acunetix tests for internal port scanning, cloud metadata endpoint access, and XML external entity processing.
Like all DAST (Dynamic Application Security Testing) tools, Acunetix cannot infer business logic. It cannot detect that a user can edit another user’s order by changing an ID in a URL—that requires manual testing or SAST. acunetix web vulnerability scanner