|Security Assessment and Management|
IS YOUR WEBSITE HACKABLE?
Check with Acunetix Web Vulnerability Scanner
Audit your website security with Acunetix Web Vulnerability Scanner
As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists.
Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the attacked site. A victim’s website can be used to launch criminal activities such as hosting phishing sites or to transfer illicit content, while abusing the website’s bandwidth and making its owner liable for these unlawful acts.
Firewalls, SSL and locked-down servers are futile against web application hacking!
Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.
Find out if your web site is secure before hackers download sensitive data, commit a crime using your web site as a launch pad, and endanger your business. Acunetix Web Vulnerability Scanner crawls your web site, automatically analyzes your web applications and finds perilous SQL injection, Cross site scripting and other vulnerabilities that expose your on line business. Concise reports identify where web applications need to be fixed, thus enabling you to protect your business from impending hacker attacks!
Acunetix Web Vulnerability Scanner includes many innovative features:
In depth checking for SQL Injection, Cross Site Scripting (XSS) and Other Vulnerabilities with the innovative AcuSensor Technology:
Acunetix WVS checks for all web vulnerabilities including SQL injection, Cross site scripting and many others. SQL injection is a hacking technique which modifies SQL queries in order to gain access to data in the database. Cross -site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser.
Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with the scanner launches SQL injection, Cross Site scripting and other attacks.
Acunetix has a state of the art vulnerability detection engine that comes with the pioneering AcuSensor Technology. This is a unique security technology that quickly finds vulnerabilities with a low number of false positives, indicates where the vulnerability is in the code and reports debug information. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion, Authentication vulnerabilities and others.
Scan AJAX and Web 2.0 Technologies for vulnerabilities:
The state of the art CSA (client script analyzer) Engine allows you to comprehensively scan the latest and most complex AJAX / Web 2.0 web applications and find web vulnerabilities.
Port Scanning and Network Alerts:
Acunetix Web Vulnerability Scanner also runs an optional port scan against the web server where the website is hosted and automatically identifies the network service running on an open port, launching a series of network security tests against that network service. Customized network alerts can also be developed by following detailed SDK documentation provided by Acunetix.
The security checks that ship with the product are: Test for weak passwords on FTP, IMAP, SQL servers, POP3, Socks, SSH, Telnet and other DNS server vulnerabilities like Open Zone Transfer, Open Recursion, Cache Poisoning, as well as, FTP access tests such as if anonymous access is allowed and list of writable FTP directories, security checks for badly configured Proxy Servers, checks for weak SNMP Community String, checks for weak SSL ciphers, and many other sophisticated security checks!
Detailed reports enable you to meet Legal and Regulatory Compliance:
Acunetix Web Vulnerability Scanner includes an extensive reporting module which can generate reports that show whether your web applications meet the new PCI DSS Data Compliance requirements amongst many others.
Analyzes your site against the Google Hacking Database:
The Google Hacking Database (GHDB) is a database of queries used by hackers to identify sensitive information on your website such as portal logon pages, logs with network security information, and so on. Acunetix launches the Google hacking database queries onto the crawled content of your web site and identifies sensitive data or exploitable targets before a “search engine hacker” does.
Test password protected areas and web forms with Automatic web form filler:
Acunetix Web Vulnerability Scanner is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test such pages. Not so with Acunetix: Using the macro recording tool Login Sequence Recorder, you can record a login sequence, form filling process or a specific crawling sequence. The scanner will replay this sequence during the scan process and fill in web forms and log on to password protected areas automatically.
Advanced penetration testing tools included:
In addition to its automated scanning engine, Acunetix includes advanced tools to allow penetration testers to fine tune web application security audits:
Many more advanced features: