Rapid7 NeXpose & Acunetix
Posted on 2010-09-01
I have a questionnaire on my site that a college student would like to use in his project.
However, the IT department of his college must first run a web application vulnerability assessment. I was told that the scan will not target operating system and/or network vulnerabilities, but rather potential vulnerabilities in the web application.
Either Rapid7 NeXpose or Acunetix will be used to perform the scan.
For Rapid7 NeXpose, does anything have to be installed on my server? From what I can tell, with Acunetix nothing has to be installed on my server; the scan can be made from any computer.
Could there be a security risk for me when other people run these programs and check my site's applications, or do I only stand to gain if they inform me of possible vulnerabilities?
If these programs can be run by anybody, why do you think I was asked to give permission? Is it because I can find evidence that these programs have been run from my logs?
Thanks for your help!