Acunetix - Web Vulnerability Scanner
Acunetix is the technology leader in automated web application security tools. Acunetix was created to detect vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS) by "thinking" like a hacker, in order to find and fix the vulnerabilities before actual hackers do. It has the capability to automatically crawl and scan a variety of web Content Management Systems (CMS) such as WordPress, Joomla! and Drupal, as well as web applications for over 3000 web vulnerabilities to help organisations shore up their web security.
Acunetix is an automated web application security tool which automates the tedious task of manual testing, and is available both as an online (OVS - Online Vulnerability Scanner) and an on-premise solution (WVS - Web Vulnerability Scanner). It is able to scan any website or web application that is accessible over the HTTP/HTTPS protocol, detecting and reporting back on vulnerabilities within applications built on a variety of different architectures which include WordPress, Joomla! and Drupal. Acunetix WVS also provides Manual Penetration tools such as Blind SQL Injector, HTTP Editor, HTTP Sniffer and HTTP Fuzzer to further investigate the vulnerabilities discovered.
List of Reports Acunetix Generates:
- Regulatory Compliance Reports
  - PCI (Payment Card Industry)
  - OWASP Top 10 (2013) (Open Web Application Security Project)
  - ISO/IEC 27001
  - HIPAA (Health Insurance Portability and Accountability Act of 1996)
  - WASC Threat Classification (Web Application Security Consortium)
  - SOX (Sarbanes-Oxley)
  - NIST Special Publication 800-53 (for FISMA) (National Institute of Standards and Technology) (The Federal Information Security Management Act)
  - DISA-STIG Application Security (Defense Information Systems Agency - Security Technical Implementation Guides)
  - 2011 CWE/SANS Top 25 Dangerous Software Errors (Common Weakness Enumeration)
- Executive Report
- Developer Report
How Acunetix WVS Works:
- Crawling - The crawler analyzes the entire website. In the process, it maps out the entire directory structure of the site.
- Vulnerability Scanning - Acunetix WVS launches a range of vulnerability attacks on every page. It runs tests against the controls on each page, similar to what hackers would do to attack the website.
- Results - All vulnerabilities found are displayed in the Alerts Node. Each alert contains information about the vulnerability, remediation steps, and CVE, CWE and CVSS information.
- Reporting & Remediation - A variety of different reports can be generated, including Executive Summary, Developer Report, and Compliance Reports such as PCI and OWASP.
Features & Benefits:
- An automatic client script analyzer allowing for security testing of AJAX and Web 2.0 applications, including Flash content, SOAP and AJAX
- Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer, as well as in-depth SQL injection and XSS testing
- Multi-threaded, lightning-fast scanner that crawls hundreds of thousands of pages with ease, including CAPTCHA, single sign-on and 2FA mechanisms
- Port scans a web server and runs security checks against network services running on the server based on server type and application language
- Extensive reporting facilities including VISA PCI compliance reports