Home Business and Technology Transformation

Acunetix Web Application Vulnearbilities Scanner

Introduction

Website Application Security ReportWebsite security and compliance is possibly today's most overlooked aspect of securing the enterprise sensitive company, customer, and employee data, on meeting regulatory and corporate compliance requirements, and on defending against the hight cost of data breach and should be a priority in any organization. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, business unit/division or mission critical enterprise/industry/government wide web application etc. Web applications are accessible 24 hours a day, 7 days a week and control valuable data since they often have direct access to backend data such as customer databases.

Firewalls, SSL and locked-down servers are futile against web application hacking

Any defense at network security level will provide no protection against web application attacks since they are launched on port 80 - which has to remain open. In addition, web applications are often tailor-made therefore tested less than off-the-shelf software and are more likely to have undiscovered vulnerabilities. Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.

Product Overview

E-SPIN business value ROI calculator 
 Pricing and order information

Custom quote

If web applications are not secure, then your entire database of sensitive information is at serious risk. Why?

Websites and related web applications must be available 24 x 7 to provide the required service to customers, employees, suppliers and other stakeholders.

Firewalls and SSL provide no protection against web application hacking, simply because access to the website has to be made public or to make available to all users (for intranet web application scenearios).

Web applications often have direct access to backend data such as customer databases, mission critical enterprise databases and, hence, control valuable data and are much more difficult to secure.

Custom applications are more susceptible to attack because they involve a lesser degree of testing than off-the-shelf software.

Hackers prefer gaining access to the sensitive data because of the immense pay-offs in selling the data or make use of the information stealth. 

 

E-SPIN's represented Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

 

In depth checking for SQL Injection, Cross Site Scripting (XSS) and Other Vulnerabilities

 

SQL Injection

Acunetix checks for all web vulnerabilities including SQL injection, Cross site scripting and others. SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser.

Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with the scanner launches SQL injection, Cross Site scripting and other attacks. Acunetix has a state of the art vulnerability detection engine which quickly finds vulnerabilities with a low number of false positives. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion and Authentication vulnerabilities.

AcuSensor Technology – identify more vulnerabilities with less false positives

 

WVS Acusensor

Allowing you to identify more vulnerabilities than a traditional black box Web Application Scanner and generating less false positives, Acunetix AcuSensor Technology combines black box scanning techniques with feedback from sensors placed inside the source code while source code is being executed.

The advantages of AcuSensor Technology are many. These include: locating and fixing a vulnerabilities faster, whilst providing more information about each vulnerability, such as source code line number, stack trace and affected SQL query; it also checks for web application configuration problems, such as misconfiguration of web.config or php.ini files; detects many more SQL injection vulnerabilities without depending on web server error messages; and many more.

Port Scanner and Network Alerts

 

 

WVS port scanner


While scanning the website, scan also the web server for open ports and run network alert checks against network services running on the open ports such as DNS cache poisoning and recursion tests, SNMP weak community strings, weak SSH ciphers and many other network services tests. The network alerts checks are scriptable so you can modify them or write new ones yourself.

 

Scan AJAX and Web 2.0 technologies for vulnerabilities

 

AJAX and Web 2.0 Service Scanning

 

The state of the art javascript analyzer allows you to comprehensively scan the latest and most complex AJAX / Web 2.0 web applications and find vulnerabilities.

 

Detailed reports enable you to meet Legal and Regulatory Compliance

 

Regulatory Compliance Detailed Report

 

Acunetix Web vulnerability scanner includes an extensive reporting module which can generate reports that show whether your web applications meet the new VISA PCI Data Compliance requirements.

 

Analyzes your site against the Google Hacking Database

 

Google Hacking Database Checking

 

The Google Hacking Database (GHDB) is a database of queries used by hackers to identify sensitive data on your website such as portal logon pages, logs with network security information, and so on. Acunetix launches the Google hacking database queries onto the crawled content of your web site and identifies sensitive data or exploitable targets before a “search engine hacker” does.

 

Advanced penetration testing tools included

 

Advanced Penetration Testing Tools

 

In addition to its automated scanning engine, Acunetix includes advanced tools to allow penetration testers to fine tune web application security checks:

  • HTTP Editor - With this tool you can easily construct HTTP/HTTPS requests and analyze the web server response.
  • HTTP Sniffer - Intercept, log and modify all HTTP/HTTPS traffic and reveal all data sent by a web application
  • HTTP Fuzzer - Performs sophisticated testing for buffer overflows and input validation. Test thousands of input variables with the easy to use rule builder of the HTTP fuzzer. Tests that would have taken days to perform manually can now be done in minutes.
  • Create custom attacks or modify existing ones with the Web Vulnerability Editor 

 

Test password protected areas and web forms with Automatic HTML form filler

 

Password Protection Areas, User ID and Password Hacking

 

Acunetix Web Vulnerability Scanner is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test these pages. Not so with Acunetix: Using the macro recording tool you can record a logon or form filling process and store the sequence. The scanner can then replay this sequence during the scan process and fill in web forms automatically or logon to password protected areas.