All-in-One Website Security Scanner
Find and detect vulnerabilities at the earliest stage using the Acunetix automated web vulnerability scanner.
Find vulnerabilities in your websites and web APIs
Highest detection rating of over 4500 vulnerabilities in custom, commercial, and open source apps with nearly 0% false positives.
AcuSensor (IAST) allows you to find and test hidden inputs not discovered during black-box scanning (DAST)
Advanced Crawling & Authentication support gives you the ability to crawl JavaScript websites and SPAs
2. – Founded in 2004
– Pioneer in web application security
– Fully automated Black-box, Gray-box, Client-side and Out-of-band web application scanner with one consolidated view
– Depended on by SMEs and Enterprises the world over
– Fortune 100, 500 and 1000 customers
www.acunetix.com
3. Product and Service Offering
Acunetix On Premise (Standard and Enterprise) and Acunetix Online (Enterprise)
– Black-box, Gray-box, Out-of-band testing
– Highly accurate, wide test coverage (4500+ web application vulnerabilities)
– Vulnerability Management
– Issue Tracker integration and WAF Virtual Patching
– No dependencies, easy to set up
– Web-based console
– Extensible, highly scalable
4. How it works and what’s new in v12
5.
– Crawler analyzes entire Target starting from a URL, mapping out entire structure.
– Scanner then tests pages found for vulnerabilities.
– Reports on vulnerabilities found and provides remediation
New in v12
– Support for latest JavaScript
– Scan speed up to 2X faster
– AcuSensor technology for Java
– Pause / Resume functionality
– Exclusion of locations from crawl
– Password Policy feature
6. Support for latest JavaScript (New in v12)
– Supports ES6 and ES7.
– Updated Acunetix DeepScan and the Acunetix Login Sequence Recorder.
– Better analysis of SPAs.
– Ahead of industry curve.
7. Scan speed up to 2X faster (new in v12)
– Fastest scanner in the industry.
– 50% decrease in scan time.
– Combined with multi-engine: 1000s of sites scanned in shortest time.
8. AcuSensor Technology for Java (new in v12)
– AcuSensor Technology for .NET, PHP and now Java!
– Improves website coverage.
– Better detection of vulnerabilities.
– Fewer False Positives.
– Provides additional information on vulnerabilities found.
9. Pause and Resume (New in v12)
– Ability to Pause a Scan.
– Resume Scan at a later stage.
– Acunetix proceeds with scan from where it left off.
– Information about paused scan automatically retained in Acunetix.
10. Exclude Paths (New in v12)
– Exclusion of specific paths directly from the UI.
– Eliminates need for complex regular expressions
11. Inbuilt Vulnerability Management features
– Easily re-scan all Targets (stored in Acunetix with individual settings).
– Prioritize vulnerabilities by Target’s business criticality.
– Consolidated reports are stored in the central interface.
– Select “Target reports”, “Scan reports” or “All Vulnerabilities” report.
12.
– Mark vulnerabilities as Fixed
– Vulnerability Rediscovery lets you know that “fixed” vulnerabilities have been rediscovered
– Continuous Scanning automatically runs a Quick Scan every day on a Target, and a Full Scan once a week
13. Out-of-the-box WAF Virtual Patching
Acunetix can export accurate scan results to automatically configure the following Web Application Firewalls (WAFs):
– Imperva SecureSphere
– F5 BIG-IP Application Security Manager
– FortiWeb WAF
15. Reporting
– Web-based interface allows multiple user access from browser irrespective of OS used.
– Easily generate a wide variety of management and compliance reports.
– OWASP Top 10, PCI DSS, ISO27001, HIPAA
– Results can be exported to XML
16. Role-based multi-user system
– Create multiple user accounts.
– Assign users to particular groups of targets.
– User can create, scan, and report on the targets assigned, depending on privileges.
25. Acunetix AcuMonitor
– Blind Cross-site Scripting (BXSS / Delayed XSS)
– Hunting for XXE in Uber using Acunetix AcuMonitor. The scanner automatically:
– Crawled the REST API endpoint
– Figured out POST vs GET
– Submitted XML even though App returns JSON
– Tests Blind OOB XXE using AcuMonitor
– No separate HTTP server
– No manual sifting of logs
– 26 different Uber domains affected (found using Google Hacking)
https://www.acunetix.com/blog/articles/hunting-xxe-uber-using-acunetix-acumonitor/
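The out-of-band correlation that the AcuMonitor slide describes (the listener is built in, so no separate HTTP server and no manual log sifting) comes down to tagging each injected test with a unique callback hostname and matching incoming DNS/HTTP callbacks against those tags. The following Python sketch is an added example, not Acunetix or AcuMonitor code; the `OOBMonitor` class, the `oob.example.test` listener domain, the token format and the sample log lines are all constructed here to show only the correlation step.

```python
import re
import secrets
from dataclasses import dataclass, field

# Hypothetical listener domain (constructed; not AcuMonitor's real domain).
MONITOR_DOMAIN = "oob.example.test"


@dataclass
class OOBMonitor:
    """Correlates out-of-band callbacks with the tests that triggered them."""
    tokens: dict = field(default_factory=dict)  # token -> (target, test_name)
    hits: dict = field(default_factory=dict)    # token -> [(protocol, source_ip)]

    def register(self, target: str, test_name: str) -> str:
        """Reserve a unique callback hostname for one injected test."""
        token = secrets.token_hex(6)             # 12 hex chars, unguessable
        self.tokens[token] = (target, test_name)
        return f"{token}.{MONITOR_DOMAIN}"

    def record(self, log_line: str) -> bool:
        """Parse one listener log line; True if it belongs to a known test."""
        pattern = rf"\b([0-9a-f]{{12}})\.{re.escape(MONITOR_DOMAIN)}"
        m = re.search(pattern, log_line)
        if not m or m.group(1) not in self.tokens:
            return False                         # noise or unknown token: ignore
        proto = "dns" if log_line.startswith("DNS") else "http"
        source_ip = log_line.split()[1]
        self.hits.setdefault(m.group(1), []).append((proto, source_ip))
        return True

    def confirmed(self) -> list:
        """Tests whose callback host was actually resolved or fetched."""
        return sorted({self.tokens[t] for t in self.hits})


def demo() -> tuple:
    """Register three tests, feed constructed listener logs, report results."""
    mon = OOBMonitor()
    host_a = mon.register("api.example.test", "xxe-external-entity")
    host_b = mon.register("api.example.test", "ssrf-image-fetch")
    mon.register("shop.example.test", "xxe-external-entity")  # never calls back
    log = [                                      # constructed listener log lines
        f"DNS 198.51.100.2 A deadbeefcafe.{MONITOR_DOMAIN}",  # unknown token
        f"DNS 203.0.113.7 A {host_a}",
        f"HTTP 203.0.113.7 GET /probe.dtd Host: {host_a}",
        f"HTTP 203.0.113.9 GET /img.png Host: {host_b}",
    ]
    matched = [mon.record(line) for line in log]
    return mon.confirmed(), matched
```

Only tests whose token actually appears in a callback are reported, which is what lets a blind XXE be confirmed without a visible response from the application.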
27. Acunetix AcuSensor
– Enables the scanner to run a gray-box scan
– AcuSensor component inspects the source code of a web application whilst it is in execution
– Shows vulnerable source code line number
– Shows vulnerable source code stack trace
– Shows vulnerable SQL queries
– 100% backend crawl coverage
– 100% verification of 12+ high-severity vulnerabilities
– Analyze server configuration for vulnerabilities
[Slide screenshot: AcuSensor highlighting the vulnerable source line `mysqli_query($conn, $sql)`]
29. AcuSensor is used by over 30% of Customers
Included as standard in Acunetix
30. Acunetix Partner Program
– Performance-based resale margin
– Access to free NFR & POCs
– Telephone & Email support
– Training videos, Documentation, Webinars, Blog
– Listing on the Acunetix partner page
– Access to leads
– Strong recurrent revenue opportunity
31. Acunetix Academy
Partners and Licensed Users can get Acunetix certified
– Win customer confidence
– Earn more from service revenue
– Get listed on the Acunetix website