by _b8r0 4894 days ago
It sounds like he's being screwed over by the vendor, who forced him to sign an NDA.

To be honest, anyone using Acunetix isn't looking to hack into anything. It's an enterprise scanner that looks for general web app issues rather than something that's typically used to conduct actual attacks. You'd expect an actual attack to be conducted with a tool like Havij, Sqlmap, Burp or Zap proxy.

2 comments

He did manage to slow the site down significantly, to the point of being unusable. Not surprising given the code quality of an app where replacing the student ID in a URL parameter gives you access to their file.

However the vendor offered him a job and a scholarship, so it seems like it's the university's over-reaction.

As I said in my post, I don't believe his intent was malicious (which is what I assume you mean by "hack into").

But that doesn't make the scanner any less stressful or detrimental to the system.