SlideShare a Scribd company logo

Acunetix - Web Vulnerability Scanner

C
Comguard India

Acunetix WVS doesn't just let you see how your website is vulnerable. It also provides information and tools that allow you to test your web applications. It is an important tool for web developers. It's very customizable and, therefore, lends itself to in-depth testing beautifully.

Software
1 of 4
Download to read offline
Audit your Website Security with Acunetix Web Vulnerability Scanner As many as 70% of websites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the compromised site. Firewalls, SSL and Locked-down Servers Are Futile against Web Application Hacking! Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers. Find out if your website is secure before hackers download sensitive data, commit a crime using your website as a launch pad, and endanger your business. Acunetix Web Vulnerability Scanner (WVS) crawls your website, automatically analyzes your web applications and finds perilous SQL injection, Cross site scripting and other vulnerabilities that expose your online business. Concise reports identify where web applications need to be fixed, thus enabling you to protect your business from impending hacker attacks! Acunetix - A World-Wide Leader in Web Application Security Acunetix has pioneered the web application security scanning technology: Its engineers focused on web security as early as 1997 and developed an engineering lead in website analysis and vulnerability detection. Acunetix Web Vulnerability Scanner includes many innovative features:  Innovative AcuSensor Technology that allows accurate scanning with low false positives, by combining black box scanning techniques with feedback from its sensors placed inside the source code.  An automatic JavaScript analyzer allowing for security testing of Ajax and Web 2.0 applications.  Industry’s most advanced and in-depth SQL injection and Cross site scripting testing.  Visual macro recorder makes testing web forms and password protected areas easy.  Multi-threaded and lightning fast scanner able to crawl hundreds of thousands of pages without interruptions.  Acunetix WVS understands complex web technologies such as SOAP, XML, AJAX and JSON. IS YOUR WEBSITE HACKABLE? Check with Acunetix Web Vulnerability Scanner www.acunetix.com Acunetix Customers: In The Press: ‚Acunetix WVS doesn't just let you see how your website is vulnerable. It also provides information and tools that allow you to test your web applica- tions. It is an important tool for web developers. It's very customizable and, therefore, lends itself to in-depth test- ing beautifully .‛ Help Net Security
In-depth Checking for SQL Injection and Cross Site Scripting (XSS) Vulnerabilities Acunetix WVS checks for all web vulnerabilities including SQL injection, Cross site scripting and many others. SQL injection is a hacking technique which modifies SQL queries in order to gain access to data in the database. Cross -site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser. Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with which the scanner launches SQL injection, Cross Site scripting and other attacks. Innovative AcuSensor Technology Guarantees Low False Positives Acunetix has a state of the art vulnerability detection engine that comes with the pioneering AcuSensor Technology. This is a unique security technology that quickly finds vulnerabilities with a low number of false positives, indicates where the vulnerability is in the code and reports debug information. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion, Authentication vulnerabilities and much more. Scan AJAX and Web 2.0 Technologies for Vulnerabilities The state of the art CSA (client script analyzer) Engine allows you to comprehensively scan the latest and most complex AJAX / Web 2.0 web applications. Acunetix WVS understands SOAP, XML, AJAX and JSON. Test Password Protected Areas and Web Forms with Automatic Web Form Filler Acunetix Web Vulnerability Scanner is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test such pages. Not so with Acunetix: Using the macro recording tool Login Sequence Recorder, you can record a login sequence, form filling process or a specific crawling sequence. The scanner will replay this sequence during the scan process and fill in web forms and log on to password protected areas automatically. Schedule Scans of Multiple Websites at Anytime, Anywhere Acunetix offers you the possibility of scanning up to 10 websites simultaneously, by launching multiple instances of the scanner, on the same computer. The scanning performance is therefore significantly increased. You may decide to schedule the scans when the website is less busy, for example at night. Furthermore, a web portal allows you to log in, schedule the scans and retrieve the results from anywhere at any time. Detailed Reports Enable You to Meet Legal and Regulatory Compliance Acunetix Web Vulnerability Scanner includes an extensive reporting module which can generate reports that show whether your web applications meet the PCI DSS Data Compliance requirements. It also reports whether any vulnerabilities from the OWASP Top 10 are found. OWASP is a web application security organisation that publishes the top 10 web vulnerabilities on the internet. Acunetix checks if your web application is compliant with the NIST Special Publication 800-53, as well as the DISA Application Security and Development STIG guidelines. There is also a report which shows whether you website has any errors listed in the CWE/SANS Top 25 Most Dangerous Software Errors. Analyzes Your Website Against the Google Hacking Database The Google Hacking Database (GHDB) is a database of queries used by hackers to identify sensitive information on your website such as portal logon pages, logs with network security information, and so on. Acunetix launches the Google hacking database queries onto the crawled content of your website and identifies sensitive data or exploitable targets before a ‚search engine hacker‛ does. www.acunetix.com WEB APPLICATION SECURITY Acunetix performs automated attacks and displays vulnerabilities found. Acunetix crawls website automatically and displays website structure. Extensive reporting including VISA PCI compli- ance. Wizard makes launching scans quick and easy. Example of scan results.
Automatic Custom 404 Error Page Identification Acunetix WVS 8 can automatically determine if a custom error page is in use, and identifies it without needing any recognition patterns to be configured before the scan. Auto-configuration of a Web Application Firewall Acunetix WVS can automatically create the appropriate Web Application Firewall rules to protect your web application against attacks targeting vulnerabilities that Acunetix finds. This allows you to continue using your web application in a secure manner until you are able to fix the vulnerabilities at the code level. Currently Acunetix supports the popular Imperva Web Application Firewall. Port Scanning and Network Alerts Acunetix Web Vulnerability Scanner also runs an optional port scan against the web server where the website is hosted and automatically identifies the network service running on an open port, launching a series of network security tests against that network service. Customized network alerts can also be developed by following detailed SDK documentation provided by Acunetix. The security checks that ship with the product are: Test for weak passwords on FTP, IMAP, SQL servers, POP3, Socks, SSH, Telnet and other DNS server vulnerabilities like Open Zone Transfer, Open Recursion, Cache Poisoning, as well as, FTP access tests such as if anonymous access is allowed and list of writable FTP directories, security checks for badly configured Proxy Servers, checks for weak SNMP Community String, checks for weak SSL ciphers, and many other sophisticated security checks! Advanced Penetration Testing Tools Included In addition to its automated scanning engine, Acunetix includes advanced tools to allow penetration testers to fine tune web application security audits:  HTTP Editor - Construct HTTP/HTTPS requests and analyze the web server response.  HTTP Sniffer - Intercept, log and modify all HTTP/HTTPS traffic and reveal all data sent by a web application.  HTTP Fuzzer - Perform sophisticated fuzzing tests, in order to test web applications input validation and handling of unexpected and invalid random data. Test thousands of input parameters with the easy to use rule builder of the HTTP Fuzzer. Tests that would have taken days to perform manually can now be done in minutes.  Script your own custom web vulnerability attacks with the WVS Scripting tool. A scripting SDK documentation is available from the Acunetix website.  Blind SQL Injector - An automated database data extraction tool that is ideal for penetration testers who wish to make further tests manually. More Advanced Features  Detect HTTP Parameter Pollution (HPP) vulnerabilities.  Support for custom HTTP headers in automated scans.  Support for multiple HTTP authentication credentials.  Scanning profiles to easily scan websites with different scan options and identities.  Custom report generator.  Compare scans and find differences with previous scans.  Easily re-audit website changes with rescan functionality.  Support for CAPTCHA, Single Sign-On and Two Factor authentication mechanisms.  Detects directories with weak permissions and if dangerous HTTP methods are enabled. www.acunetix.com WEB APPLICATION SECURITY ‚Acunetix WVS has played a very im- portant role in identification and miti- gation of web apps vulnerabilities. Acunetix has proven itself and is worth the cost.‛ Mr Rodgers IT Security Team U.S. Air Force ‘’Acunetix is a key point in our applica- tion's security strategy, it's integrated with the QA process, allowing us a cost effective way of detecting flaws that can be solved early within the development life cycle.’’ Petro Anduja ING Direct Spain ‚As a penetration tester, Acunetix WVS makes the most tedious and recurring tasks a breeze, cutting down on time requirement and raising the quality of the test.‛ Thierry Zoller Telindus PSF Luxembourg ‚The issues detected were of major impact; if hackers would have found the security holes, they could have hacked an entire Joomla! Site.‛ Robin Muilvijk, member of the Quality & Testing Team, Joomla! ‚The use of Acunetix WVS has allowed us to schedule regular automated scans on a host of sites under the Betfair Group umbrella, providing in- valuable visibility in capturing website vulnerabilities early in the SDLC.‛ Jan Ettles Betfair.com United Kingdom ‚In addition to traditional web applica- tion security testing, Acunetix has proven its power and flexibility to quickly identify major risks in an envi- ronment such as SharePoint, PKI and Citrix.’’ Serge Faller Datalynx AG Switzerland
Acunetix - Web Vulnerability Scanner

Recommended

#Acunetix #product #presentation
#Acunetix #product #presentation#Acunetix #product #presentation
#Acunetix #product #presentationCheer Chain Enterprise Co., Ltd.
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Ikhade Maro Igbape
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
Introduction vulnérabilité web
Introduction vulnérabilité webIntroduction vulnérabilité web
Introduction vulnérabilité webdavystoffel
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar
 
Support de cours entrepise java beans ejb m.youssfi
Support de cours entrepise java beans ejb m.youssfiSupport de cours entrepise java beans ejb m.youssfi
Support de cours entrepise java beans ejb m.youssfiENSET, Université Hassan II Casablanca
 
Rapport DVWA: CSRF
Rapport DVWA: CSRFRapport DVWA: CSRF
Rapport DVWA: CSRFAyoub Rouzi
 
Mohamed youssfi support architectures logicielles distribuées basées sue les ...
Mohamed youssfi support architectures logicielles distribuées basées sue les ...Mohamed youssfi support architectures logicielles distribuées basées sue les ...
Mohamed youssfi support architectures logicielles distribuées basées sue les ...ENSET, Université Hassan II Casablanca
 

Recommended

#Acunetix #product #presentation
#Acunetix #product #presentation#Acunetix #product #presentation
#Acunetix #product #presentationCheer Chain Enterprise Co., Ltd.
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Ikhade Maro Igbape
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
Introduction vulnérabilité web
Introduction vulnérabilité webIntroduction vulnérabilité web
Introduction vulnérabilité webdavystoffel
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar
 
Support de cours entrepise java beans ejb m.youssfi
Support de cours entrepise java beans ejb m.youssfiSupport de cours entrepise java beans ejb m.youssfi
Support de cours entrepise java beans ejb m.youssfiENSET, Université Hassan II Casablanca
 
Rapport DVWA: CSRF
Rapport DVWA: CSRFRapport DVWA: CSRF
Rapport DVWA: CSRFAyoub Rouzi
 
Mohamed youssfi support architectures logicielles distribuées basées sue les ...
Mohamed youssfi support architectures logicielles distribuées basées sue les ...Mohamed youssfi support architectures logicielles distribuées basées sue les ...
Mohamed youssfi support architectures logicielles distribuées basées sue les ...ENSET, Université Hassan II Casablanca
 
Securité des applications web
Securité des applications webSecurité des applications web
Securité des applications webMarcel TCHOULEGHEU
 
CSRF Attack and Its Prevention technique in ASP.NET MVC
CSRF Attack and Its Prevention technique in ASP.NET MVCCSRF Attack and Its Prevention technique in ASP.NET MVC
CSRF Attack and Its Prevention technique in ASP.NET MVCSuvash Shah
 
Vulnérabilité des sites web
Vulnérabilité des sites webVulnérabilité des sites web
Vulnérabilité des sites webSaid Sadik
 
Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...
Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...
Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...ENSET, Université Hassan II Casablanca
 
Spring + WebSocket integration
Spring + WebSocket integrationSpring + WebSocket integration
Spring + WebSocket integrationOleksandr Semenov
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
Sql injection
Sql injectionSql injection
Sql injectionSasha-Leigh Garret
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
SQL injection
SQL injectionSQL injection
SQL injectionRaj Parmar
 
Spring Boot and REST API
Spring Boot and REST APISpring Boot and REST API
Spring Boot and REST API07.pallav
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Support JEE Spring Inversion de Controle IOC et Spring MVC
Support JEE Spring Inversion de Controle IOC et Spring MVCSupport JEE Spring Inversion de Controle IOC et Spring MVC
Support JEE Spring Inversion de Controle IOC et Spring MVCENSET, Université Hassan II Casablanca
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryDaniel Miessler
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingn|u - The Open Security Community
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Basics of Server Side Template Injection
Basics of Server Side Template InjectionBasics of Server Side Template Injection
Basics of Server Side Template InjectionVandana Verma
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingkinish kumar
 
Api security
Api security Api security
Api security teodorcotruta
 
Top 10 Web Vulnerability Scanners
Top 10 Web Vulnerability ScannersTop 10 Web Vulnerability Scanners
Top 10 Web Vulnerability Scannerswensheng wei
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperBhagyashri Chalakh
 

More Related Content

What's hot

Securité des applications web
Securité des applications webSecurité des applications web
Securité des applications webMarcel TCHOULEGHEU
 
CSRF Attack and Its Prevention technique in ASP.NET MVC
CSRF Attack and Its Prevention technique in ASP.NET MVCCSRF Attack and Its Prevention technique in ASP.NET MVC
CSRF Attack and Its Prevention technique in ASP.NET MVCSuvash Shah
 
Vulnérabilité des sites web
Vulnérabilité des sites webVulnérabilité des sites web
Vulnérabilité des sites webSaid Sadik
 
Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...
Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...
Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...ENSET, Université Hassan II Casablanca
 
Spring + WebSocket integration
Spring + WebSocket integrationSpring + WebSocket integration
Spring + WebSocket integrationOleksandr Semenov
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
Spring Boot and REST API
Spring Boot and REST APISpring Boot and REST API
Spring Boot and REST API07.pallav
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryDaniel Miessler
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Basics of Server Side Template Injection
Basics of Server Side Template InjectionBasics of Server Side Template Injection
Basics of Server Side Template InjectionVandana Verma
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingkinish kumar
 

What's hot (20)

Securité des applications web
Securité des applications webSecurité des applications web
Securité des applications web
 
CSRF Attack and Its Prevention technique in ASP.NET MVC
CSRF Attack and Its Prevention technique in ASP.NET MVCCSRF Attack and Its Prevention technique in ASP.NET MVC
CSRF Attack and Its Prevention technique in ASP.NET MVC
 
Vulnérabilité des sites web
Vulnérabilité des sites webVulnérabilité des sites web
Vulnérabilité des sites web
 
Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...
Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...
Support de cours EJB 3 version complète Par Mr Youssfi, ENSET, Université Ha...
 
Spring + WebSocket integration
Spring + WebSocket integrationSpring + WebSocket integration
Spring + WebSocket integration
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
 
SQL injection
SQL injectionSQL injection
SQL injection
 
Spring Boot and REST API
Spring Boot and REST APISpring Boot and REST API
Spring Boot and REST API
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Support JEE Spring Inversion de Controle IOC et Spring MVC
Support JEE Spring Inversion de Controle IOC et Spring MVCSupport JEE Spring Inversion de Controle IOC et Spring MVC
Support JEE Spring Inversion de Controle IOC et Spring MVC
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
 
Basics of Server Side Template Injection
Basics of Server Side Template InjectionBasics of Server Side Template Injection
Basics of Server Side Template Injection
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
 
Api security
Api security Api security
Api security
 

Similar to Acunetix - Web Vulnerability Scanner

Top 10 Web Vulnerability Scanners
Top 10 Web Vulnerability ScannersTop 10 Web Vulnerability Scanners
Top 10 Web Vulnerability Scannerswensheng wei
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperBhagyashri Chalakh
 
vulnerability scanning and reporting tool
vulnerability scanning and reporting toolvulnerability scanning and reporting tool
vulnerability scanning and reporting toolBhagyashri Chalakh
 
Web application Security tools
Web application Security toolsWeb application Security tools
Web application Security toolsNico Penaredondo
 
Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Wlad1m1r
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxAardwolf Security
 
Web vulnerability scanner getting start
Web vulnerability scanner getting startWeb vulnerability scanner getting start
Web vulnerability scanner getting start_U2_
 
Web Site vulnerability Sales and Consulting
Web Site vulnerability Sales and ConsultingWeb Site vulnerability Sales and Consulting
Web Site vulnerability Sales and Consultingguest4cee27ac
 
Acunetix Training and ScanAssist
Acunetix Training and ScanAssistAcunetix Training and ScanAssist
Acunetix Training and ScanAssistBryan Ferrario
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Virtual Web Application Firewall (vAWF) Data Sheet - Array Networks
Virtual Web Application Firewall (vAWF) Data Sheet - Array NetworksVirtual Web Application Firewall (vAWF) Data Sheet - Array Networks
Virtual Web Application Firewall (vAWF) Data Sheet - Array Networks Array Networks
 
Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01Richard Sullivan
 
Brochure Swascan Overview
Brochure Swascan OverviewBrochure Swascan Overview
Brochure Swascan OverviewSara Colnago
 

Similar to Acunetix - Web Vulnerability Scanner (20)

Top 10 Web Vulnerability Scanners
Top 10 Web Vulnerability ScannersTop 10 Web Vulnerability Scanners
Top 10 Web Vulnerability Scanners
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
 
T04505103106
T04505103106T04505103106
T04505103106
 
vulnerability scanning and reporting tool
vulnerability scanning and reporting toolvulnerability scanning and reporting tool
vulnerability scanning and reporting tool
 
Web application Security tools
Web application Security toolsWeb application Security tools
Web application Security tools
 
B&W Netsparker overview
B&W Netsparker overviewB&W Netsparker overview
B&W Netsparker overview
 
Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docx
 
Web vulnerability scanner getting start
Web vulnerability scanner getting startWeb vulnerability scanner getting start
Web vulnerability scanner getting start
 
Cyber ppt
Cyber pptCyber ppt
Cyber ppt
 
Web Site vulnerability Sales and Consulting
Web Site vulnerability Sales and ConsultingWeb Site vulnerability Sales and Consulting
Web Site vulnerability Sales and Consulting
 
Acunetix Training and ScanAssist
Acunetix Training and ScanAssistAcunetix Training and ScanAssist
Acunetix Training and ScanAssist
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Types of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdfTypes of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdf
 
Virtual Web Application Firewall (vAWF) Data Sheet - Array Networks
Virtual Web Application Firewall (vAWF) Data Sheet - Array NetworksVirtual Web Application Firewall (vAWF) Data Sheet - Array Networks
Virtual Web Application Firewall (vAWF) Data Sheet - Array Networks
 
Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01
 
Security testautomation
Security testautomationSecurity testautomation
Security testautomation
 
Brochure Swascan Overview
Brochure Swascan OverviewBrochure Swascan Overview
Brochure Swascan Overview
 
Swascan
Swascan Swascan
Swascan
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 

Recently uploaded

Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsJean Silva
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...OnePlan Solutions
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptxVinzoCenzo
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfkalichargn70th171
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...Bert Jan Schrijver
 
VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonApplitools
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesKrzysztofKkol1
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesVictoriaMetrics
 

Recently uploaded (20)

Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
 
VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 Updates
 

Acunetix - Web Vulnerability Scanner

  • 1. Audit your Website Security with Acunetix Web Vulnerability Scanner As many as 70% of websites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the compromised site. Firewalls, SSL and Locked-down Servers Are Futile against Web Application Hacking! Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers. Find out if your website is secure before hackers download sensitive data, commit a crime using your website as a launch pad, and endanger your business. Acunetix Web Vulnerability Scanner (WVS) crawls your website, automatically analyzes your web applications and finds perilous SQL injection, Cross site scripting and other vulnerabilities that expose your online business. Concise reports identify where web applications need to be fixed, thus enabling you to protect your business from impending hacker attacks! Acunetix - A World-Wide Leader in Web Application Security Acunetix has pioneered the web application security scanning technology: Its engineers focused on web security as early as 1997 and developed an engineering lead in website analysis and vulnerability detection. Acunetix Web Vulnerability Scanner includes many innovative features:  Innovative AcuSensor Technology that allows accurate scanning with low false positives, by combining black box scanning techniques with feedback from its sensors placed inside the source code.  An automatic JavaScript analyzer allowing for security testing of Ajax and Web 2.0 applications.  Industry’s most advanced and in-depth SQL injection and Cross site scripting testing.  Visual macro recorder makes testing web forms and password protected areas easy.  Multi-threaded and lightning fast scanner able to crawl hundreds of thousands of pages without interruptions.  Acunetix WVS understands complex web technologies such as SOAP, XML, AJAX and JSON. IS YOUR WEBSITE HACKABLE? Check with Acunetix Web Vulnerability Scanner www.acunetix.com Acunetix Customers: In The Press: ‚Acunetix WVS doesn't just let you see how your website is vulnerable. It also provides information and tools that allow you to test your web applica- tions. It is an important tool for web developers. It's very customizable and, therefore, lends itself to in-depth test- ing beautifully .‛ Help Net Security
  • 2. In-depth Checking for SQL Injection and Cross Site Scripting (XSS) Vulnerabilities Acunetix WVS checks for all web vulnerabilities including SQL injection, Cross site scripting and many others. SQL injection is a hacking technique which modifies SQL queries in order to gain access to data in the database. Cross -site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser. Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with which the scanner launches SQL injection, Cross Site scripting and other attacks. Innovative AcuSensor Technology Guarantees Low False Positives Acunetix has a state of the art vulnerability detection engine that comes with the pioneering AcuSensor Technology. This is a unique security technology that quickly finds vulnerabilities with a low number of false positives, indicates where the vulnerability is in the code and reports debug information. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion, Authentication vulnerabilities and much more. Scan AJAX and Web 2.0 Technologies for Vulnerabilities The state of the art CSA (client script analyzer) Engine allows you to comprehensively scan the latest and most complex AJAX / Web 2.0 web applications. Acunetix WVS understands SOAP, XML, AJAX and JSON. Test Password Protected Areas and Web Forms with Automatic Web Form Filler Acunetix Web Vulnerability Scanner is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test such pages. Not so with Acunetix: Using the macro recording tool Login Sequence Recorder, you can record a login sequence, form filling process or a specific crawling sequence. The scanner will replay this sequence during the scan process and fill in web forms and log on to password protected areas automatically. Schedule Scans of Multiple Websites at Anytime, Anywhere Acunetix offers you the possibility of scanning up to 10 websites simultaneously, by launching multiple instances of the scanner, on the same computer. The scanning performance is therefore significantly increased. You may decide to schedule the scans when the website is less busy, for example at night. Furthermore, a web portal allows you to log in, schedule the scans and retrieve the results from anywhere at any time. Detailed Reports Enable You to Meet Legal and Regulatory Compliance Acunetix Web Vulnerability Scanner includes an extensive reporting module which can generate reports that show whether your web applications meet the PCI DSS Data Compliance requirements. It also reports whether any vulnerabilities from the OWASP Top 10 are found. OWASP is a web application security organisation that publishes the top 10 web vulnerabilities on the internet. Acunetix checks if your web application is compliant with the NIST Special Publication 800-53, as well as the DISA Application Security and Development STIG guidelines. There is also a report which shows whether you website has any errors listed in the CWE/SANS Top 25 Most Dangerous Software Errors. Analyzes Your Website Against the Google Hacking Database The Google Hacking Database (GHDB) is a database of queries used by hackers to identify sensitive information on your website such as portal logon pages, logs with network security information, and so on. Acunetix launches the Google hacking database queries onto the crawled content of your website and identifies sensitive data or exploitable targets before a ‚search engine hacker‛ does. www.acunetix.com WEB APPLICATION SECURITY Acunetix performs automated attacks and displays vulnerabilities found. Acunetix crawls website automatically and displays website structure. Extensive reporting including VISA PCI compli- ance. Wizard makes launching scans quick and easy. Example of scan results.
  • 3. Automatic Custom 404 Error Page Identification Acunetix WVS 8 can automatically determine if a custom error page is in use, and identifies it without needing any recognition patterns to be configured before the scan. Auto-configuration of a Web Application Firewall Acunetix WVS can automatically create the appropriate Web Application Firewall rules to protect your web application against attacks targeting vulnerabilities that Acunetix finds. This allows you to continue using your web application in a secure manner until you are able to fix the vulnerabilities at the code level. Currently Acunetix supports the popular Imperva Web Application Firewall. Port Scanning and Network Alerts Acunetix Web Vulnerability Scanner also runs an optional port scan against the web server where the website is hosted and automatically identifies the network service running on an open port, launching a series of network security tests against that network service. Customized network alerts can also be developed by following detailed SDK documentation provided by Acunetix. The security checks that ship with the product are: Test for weak passwords on FTP, IMAP, SQL servers, POP3, Socks, SSH, Telnet and other DNS server vulnerabilities like Open Zone Transfer, Open Recursion, Cache Poisoning, as well as, FTP access tests such as if anonymous access is allowed and list of writable FTP directories, security checks for badly configured Proxy Servers, checks for weak SNMP Community String, checks for weak SSL ciphers, and many other sophisticated security checks! Advanced Penetration Testing Tools Included In addition to its automated scanning engine, Acunetix includes advanced tools to allow penetration testers to fine tune web application security audits:  HTTP Editor - Construct HTTP/HTTPS requests and analyze the web server response.  HTTP Sniffer - Intercept, log and modify all HTTP/HTTPS traffic and reveal all data sent by a web application.  HTTP Fuzzer - Perform sophisticated fuzzing tests, in order to test web applications input validation and handling of unexpected and invalid random data. Test thousands of input parameters with the easy to use rule builder of the HTTP Fuzzer. Tests that would have taken days to perform manually can now be done in minutes.  Script your own custom web vulnerability attacks with the WVS Scripting tool. A scripting SDK documentation is available from the Acunetix website.  Blind SQL Injector - An automated database data extraction tool that is ideal for penetration testers who wish to make further tests manually. More Advanced Features  Detect HTTP Parameter Pollution (HPP) vulnerabilities.  Support for custom HTTP headers in automated scans.  Support for multiple HTTP authentication credentials.  Scanning profiles to easily scan websites with different scan options and identities.  Custom report generator.  Compare scans and find differences with previous scans.  Easily re-audit website changes with rescan functionality.  Support for CAPTCHA, Single Sign-On and Two Factor authentication mechanisms.  Detects directories with weak permissions and if dangerous HTTP methods are enabled. www.acunetix.com WEB APPLICATION SECURITY ‚Acunetix WVS has played a very im- portant role in identification and miti- gation of web apps vulnerabilities. Acunetix has proven itself and is worth the cost.‛ Mr Rodgers IT Security Team U.S. Air Force ‘’Acunetix is a key point in our applica- tion's security strategy, it's integrated with the QA process, allowing us a cost effective way of detecting flaws that can be solved early within the development life cycle.’’ Petro Anduja ING Direct Spain ‚As a penetration tester, Acunetix WVS makes the most tedious and recurring tasks a breeze, cutting down on time requirement and raising the quality of the test.‛ Thierry Zoller Telindus PSF Luxembourg ‚The issues detected were of major impact; if hackers would have found the security holes, they could have hacked an entire Joomla! Site.‛ Robin Muilvijk, member of the Quality & Testing Team, Joomla! ‚The use of Acunetix WVS has allowed us to schedule regular automated scans on a host of sites under the Betfair Group umbrella, providing in- valuable visibility in capturing website vulnerabilities early in the SDLC.‛ Jan Ettles Betfair.com United Kingdom ‚In addition to traditional web applica- tion security testing, Acunetix has proven its power and flexibility to quickly identify major risks in an envi- ronment such as SharePoint, PKI and Citrix.’’ Serge Faller Datalynx AG Switzerland