Is your website hackable?
As many as 70% of websites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications – shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the compromised site.
Firewalls, SSL and Hardened Networks are Futile against Web Application Hacking!
Web application attacks, launched on port 80/443, go straight through the firewall, past the operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.
Find out if your website is secure before hackers download sensitive data, launch criminal activity from your website and endanger your business. Acunetix Vulnerability Scanner automatically crawls and scans off-the-shelf and custom-built websites and web applications for SQL Injection, XSS, XXE, SSRF, Host Header Attacks & over 500 other web vulnerabilities.
Acunetix – The Technology Leader in Web Application Security
Acunetix are the pioneers in Automated Web Application Security Testing with an engineering lead in website structure analysis and vulnerability detection. The Acunetix innovative technologies include
- DeepScan Technology allows accurate crawling of AJAX-heavy client-side Single Page Applications (SPAs) that leverage complex technologies such as SOAP/WDSL, SOAP/ WCF, WADL, XML, JSON, Google Web Toolkit (GWT) and CRUD operations.
- Industry’s most advanced and robust SQL Injection and Cross-site Scripting testing, including advanced detection of DOM-based Cross-site Scripting. ·· A Login Sequence Recorder that allows the automatic crawling and scanning of complex password protected areas including multi-step, Single Sign-On (SSO) and OAuth-based websites.
- AcuSensor Technology allows accurate scanning further reducing the false positive rate, by combining black box scanning techniques with feedback from its sensors placed inside the source code.
- Highest detection of WordPress vulnerabilities – scans WordPress installations for over 1200 known vulnerabilities in WordPress’ core, themes and plugins.
- Multi-threaded, lightning fast crawler and scanner that can crawl hundreds of thousands of pages without interruptions. ·· Easily generate a wide variety of technical and compliance reports aimed towards developers and business owners alike.
In-depth checking for SQL Injection and Cross-Site Scripting (XSS) Vulnerabilities
Acunetix Vulnerability Scanner rigorously tests for hundreds of web application vulnerabilities including SQL Injection and Cross-site Scripting. SQL Injection is one of the oldest and most prevalent of software bugs; it allows attackers to modify SQL queries in order to gain access to data in the database. Cross-Site scripting attacks allow attackers to execute malicious scripts inside your visitors’ browser; possibly leading to impersonation of that user. Acunetix is the industry leader in detecting the largest variety of SQL Injection and XSS vulnerabilities, including Out-of-band SQL Injection and DOM-based XSS.
AcuSensor Technology Guarantees Low False Positives
Acunetix includes unique AcuSensor Technology that analyzes code as it gets executed, resulting in higher detection rate, and importantly elimination of false positives. Furthermore, AcuSensor technology is able to indicate where the vulnerability is in the code and report debug information. AcuSensor not only finds more vulnerabilities, but will save valuable time for your security and development teams.
Test Authenticated Web Applications with Login Sequence Recorder
Testing authenticated areas of your web applications is absolutely crucial to ensure full testing coverage. Acunetix Vulnerability Scanner can automatically test authenticated areas by recording a Login Sequence using the Login Sequence Recorder. The Login Sequence Recorder makes it quick and easy to record a series of actions the scanner can re-play to authenticate to a page. The Login Sequence Recorder can also record a series of Restrictions; making it trivial to granularly limit the scope of a scan in a few clicks.
DeepScan Technology Scans Most Content
Detailed Reports Enable you to Meet Legal and Regulatory Compliance
In order to keep track of the vulnerabilities detected in your web applications, Acunetix Vulnerability Scanner includes extensive reports to help manage escalation and remediation of vulnerabilities while assisting in task prioritization. It also includes a range of Compliance and Classification reports including: PCI DSS; OWASP Top 10; ISO 27001; NIST Special Publication 800-53 (for FISMA); HIPAA; Sarbanes-Oxley; Mitre CWE/ SANS Top 25 Most Dangerous Software Errors, among others.
Advanced Network Level Scanning
Comprehensive security audits require detailed inspection of the perimeter of your public-facing network assets. Acunetix has integrated the popular OpenVAS scanner within Acunetix Online Vulnerability Scanner to provide a comprehensive perimeter network security scan that integrates seamlessly with your web application security testing, all from an easy to use simple cloud-based service. Acunetix will test for weak passwords, insecure web server configuration, directories with weak permissions, DNS server vulnerabilities, FTP access tests, badly configured Proxy Servers, weak SSL ciphers, and many other sophisticated security checks.
WordPress Vulnerability Scanning
Acunetix Vulnerability Scanner identifies WordPress installations, and will launch security tests for over 1200 popular WordPress plugins, as well as several other vulnerability tests for WordPress core vulnerabilities. In addition, Acunetix Vulnerability Scanner will also conduct other WordPress-specific configuration tests such as weak WordPress admin passwords, WordPress username enumeration, wp-config.php backup files, malware disguised as plugins and old versions of plugins.
Advanced Penetration Testing Tools
Acunetix Web Vulnerability Scanner includes advanced tools for penetration testers to further automated testing, integration with external tools, as well as tools to aid in testing business-logic web applications:
- HTTP Editor – Construct HTTP/HTTPS requests to analyze the web server response.
- HTTP Sniffer – Intercept, log and modify HTTP/HTTPS traffic sent by web application.
- HTTP Fuzzer – Fuzz HTTP/HTTPS requests to test validation and handling of invalid or random data. ·· Perform automated database data extraction using Blind SQLi vulnerabilities.