Defend Against Known Application Vulnerabilities

The first step to kick starting your web application security program is to look for known application vulnerabilities. Keeping known vulnerabilities out of your code base prevents attackers from easily exploiting them and running malicious code. Attacks such as SQL injection and Cross-site Scripting are usually much easier to fix than to find them, so educating developers about best practices, defining a security policy and enforcing development security standards are all important approaches when defending against web security vulnerabilities.

Acunetix is a software product for web application security testing which helps you quickly and easily identify known vulnerabilities, as well as vulnerabilities in any website or web application, including sites built with hard-to-scan HTML5 and JavaScript Single Page Applications (SPAs). With Acunetix you can:

• Discover in excess of more than 4,500 security vulnerabilities
• Detect SQL Injection and Cross-site Scripting and all of their variants
• Automatically scan all website files with custom form authentication or other custom access controls and session management

Detect and fix common web application vulnerabilities

There are hundreds of common vulnerabilities your developers need to guard against, so it’s no surprise they might miss a couple. Acunetix can automatically discover thousands of vulnerabilities, including hard-to-detect variants. Acunetix website security scanner identifies more than 4,500 known vulnerabilities including:

• SQL Injection
• Cross-site Scripting (XXS)
• XML External Entity (XXE) injection
• CSRF

Additionally, Acunetix can optionally make use of AcuSensor to examine server-side code during run-time and identify vulnerable lines of code in Java ASP.NET and PHP web applications where the vulnerability originate. What’s more, Acunetix generates almost zero false positives so test results are guaranteed not to throw a wrench in your web application scanning programme.

Improve website security testing with security tools

Make website security testing more robust with a website security scanner that examines your web application from end to end. Acunetix uses both black box and gray box testing and focuses on the complete attack surface of web applications and web services. Plus, Acunetix provides support for managing and resolving web application security issues, not just identifying them.

• Discover critical vulnerabilities such as SQL injection and command injection
• Identifies TLS/SSL vulnerabilities, web server vulnerabilities and other misconfigurations
• Performs a WordPress security scan to identify vulnerabilities in WordPress themes, plugins and WordPress core for known vulnerabilities
• Integrates with web application firewalls and automatically creates protective rules
• Integrates with Issue Trackers such as Atlassian JIRA, GitHub and Microsoft TFS
• Vulnerability management reporting enables defect prioritization and regulatory compliance

Find security vulnerabilities before attackers do with a website security scanner

Code reviews and manual tests aren’t exhaustive enough to find all security vulnerabilities. Apart from relying on the developers and testers recognizing problems, they also don’t scale. Running an easy and quick scan with Acunetix website security scanner to comprehensively probe your site to identify where your application is at risk.

• Crawls all web pages, including those built in HTML5 and JavaScript
• Acts as a Java vulnerability scanner by examining web applications built with popular frameworks including Java frameworks such as Spring, Struts and Java Server Faces (JSF)
• Inspects the the source code of a web application whilst it is in execution thanks to AcuSensor technology
• Replicates user actions to execute scripts just like a browser
• Login Sequence Recorder allows you scan password-protected pages automatically.

Defend Your Entire Attack Surface

Web applications have a large attack surface and security threats can come from anywhere, including third-party code. Vulnerabilities can exist in several layers of an application, be it in the frontend, the backend or even within web server configurations.

With built-in support for exporting discovered vulnerabilities to the most popular security tools such as web application firewalls, you can take automated testing even further. Virtually patching the vulnerabilities in production will give you enough breathing room to fully and carefully undergo remediation.

Additionally, Acunetix can find security issues beyond the typical black-box scanning approach thanks to its AcuSensor gray-box scanning technology. With AcuSensor, Acunetix can automatically examine Java, ASP.NET and PHP server-side code that is being executed. This allows Acunetix to pinpoint the exact line of code where vulnerabilities lie, as well as dramatically reduce an already low false positive rate.

Improve website security testing with security tools

Make website security testing more robust with a website security scanner that examines your web application from end to end. Acunetix uses both black box and gray box testing and focuses on the complete attack surface of web applications and web services. Plus, Acunetix provides support for managing and resolving web application security issues, not just identifying them.

• Discover critical vulnerabilities such as SQL injection and command injection
• Identifies TLS/SSL vulnerabilities, web server vulnerabilities and other misconfigurations
• Performs a WordPress security scan to identify vulnerabilities in WordPress themes, plugins and WordPress core for known vulnerabilities
• Integrates with web application firewalls and automatically creates protective rules
• Integrates with Issue Trackers such as Atlassian JIRA, GitHub and Microsoft TFS
• Vulnerability management reporting enables defect prioritization and regulatory compliance

Scan Network Perimeter Services

Insecure networks perimeters are still the cause of most data breaches. The perimeter is therefore one of the most important areas of your network to secure against vulnerabilities, misconfiguration, and other security threats that could compromise security or availability of network services. Acunetix Online provides you with a perspective of your network perimeter just like an attacker would see it. Use it to:

• Discover open ports and running services
• Test for over 50,000 known network vulnerabilities and misconfigurations

Testing for Network Vulnerabilities

Acunetix scans your network for vulnerabilities and presents results in the Acunetix Online dashboard, from where a network security report can be easily generated.

• Assess security of routers, firewalls, switches and load balancers
• Test for weak passwords: FTP, IMAP, database servers, POP3, Socks, SSH, and Telnet
• Test for DNS zone transfer, open recursive DNS, and DNS cache poisoning attacks
• Test for badly configured proxy servers, weak SNMP community strings and TLS/SSL ciphers, and more

Detecting Network Security Misconfigurations

Acunetix Online can detect a wide array of network security misconfigurations that could lead to sensitive data disclosure, denial of service or even compromise of hosts. Acunetix Online tests for:

• Anonymous FTP access and writable directories over FTP
• Badly configured proxy servers
• Weak SNMP community strings
• Weak TLS/SSL ciphers

Industry leading technology coverage

With Acunetix, security teams can setup scheduled automated scans, to test for thousands of web application vulnerabilities (including SQL Injection, XSS) as well as misconfigurations.

While most penetration testing tools supports legacy technologies, Acunetix takes technology support to the next level with the best-of-breed JavaScript support. Unlike most software, Acunetix has full support for modern Single Page Applications (SPAs) and can understand and fully test applications which rely on JavaScript frameworks like React, Angular, Ember and Vue. This means that unlike most penetration testing software, Acunetix can scan everything from legacy web applications developed on traditional stacks, as well as modern web apps taking advantage of all the latest and greatest technologies.

Speed without sacrificing flexibility

Additionally, unlike many other web and network penetration software, Acunetix is lightning fast. With a re-engineered core, and a highly optimized crawler, every inch of Acunetix is tuned for speed and efficiency, allowing it to scan hundreds of thousands of pages without breaking a sweat.

What’s more, Acunetix can save the progress of a scan mid way, pause it, and resume it later on from where it left off entirely automatically. This is a crucial for time boxed pen testing or when scanning enormous web applications with time restrictions.

Integrations with third-party penetration testing software make it easy to move between automatic and manual testing for advanced users who need it. Moreover, vulnerabilities Acunetix discovers may be exported to a wide variety of industry leading Web Application Firewalls (WAFs) such as Imperva SecureSphere and F5 Big-IP ASM.

Easy reporting and Issue Tracker integration

Another issue that Acunetix solves over other web application security software is the ability to instantly generate a wide variety of technical and regulatory and compliance reports such as PCI DSS, HIPAA, OWASP Top 10 and many others. Additionally, Acunetix allows users to export discovered vulnerabilities to Issue Trackers such as:

• Atlassian JIRA,
• GitHub
• Microsoft Team Foundation Server (TFS).

Vulnerability Management tools in Acunetix

However, Acunetix, unlike conventional vulnerability scanners, not only provides a list of scan results with remediation advice based on best practices, but also provides a suite of vulnerability management tools.

One example of this is that once a vulnerability is found during a scan, Acunetix will automatically catalog it and assign it a status of “Open”.

After the vulnerability gets fixed, Acunetix may be used to re-test the vulnerability to make sure it’s properly fixed, and then automatically marks it as “Closed”, completing the vulnerability management lifecycle.

Generate technical and regulatory reports at the touch of a button

Furthermore, Acunetix allows you to instantly and easily generate a wide variety of technical and regulatory and compliance reports such as PCI DSS, HIPAA, OWASP Top 10 and many others. Additionally, Acunetix allows users to export vulnerability data to Issue Trackers such as Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS).

Naturally, all of the information Acunetix provides is also available at a glance in the Acunetix Dashboard, and thanks to Acunetix’s multi-user, multi-role capabilities, users can only see what they’re meant to. This, together with multi-engine support is especially useful for large enterprises that need to run a large volume of scans as part of their security program.

Get the most out of your web vulnerability scanner with Acunetix. Try Acunetix online or download it now to try it on premises to gain the insight you need to build and maintain secure web applications.

Fast, flexible, continuous external vulnerability scanning

The modern web is full of complexities, and as such, many other external vulnerability scanners and black box scanners built a decade ago, can’t properly scan, large and complex web applications quickly. With a re-engineered core, and a highly optimized crawler, every inch of Acunetix is tuned for speed, efficiency and accuracy, allowing it to complete even the largest external vulnerability scans without breaking a sweat.

What’s more, in Acunetix it’s possible to throttle the speed at which an external vulnerability scan runs, ensuring that even high-traffic sites can be scanned without affecting their performance. You can also schedule external vulnerability scans to run at specific times of a day, week or month, or even define you own custom schedule.

You also have the option of running scans on a continuous basis with Acunetix only running a quick scan every day of the week, with a full scan run once a week. This ensures that any new vulnerabilities that may have been introduced in-between full scans get picked up by Acunetix immediately.

Dead simple Vulnerability Management and reporting

Another problem that Acunetix solves which many other external vulnerability scanners surley lack is the ability to produce great reports. After an external vulnerability scan is complete, Acunetix can instantly generate a wide variety of technical and regulatory and compliance reports such as PCI DSS, HIPAA, OWASP Top 10 and many others. Additionally, Acunetix also allows users to export discovered vulnerabilities to third party Issue Trackers such as Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS).

One of the biggest issues with conventional external vulnerability scanners is that they simply show a list of scan results. Acunetix takes a different approach in that once a vulnerability is found during a scan, it is automatically cataloged and assigned a status of Open. After the vulnerability gets fixed, Acunetix may be used to re-test the vulnerability to make sure it’s properly fixed, and then automatically marks it as Closed.

All information is available at a glance in the Acunetix Dashboard. With Acunetix’s multi-user, multi-role capabilities, users can only see what they’re meant to.

Detect a Full Range of WordPress Vulnerabilities

Acunetix is a full-featured WordPress security scanner. Vulnerabilities that Acunetix can discover include:

• Out-of-date WordPress versions, both WordPress core and plugins, that are missing critical security patches
• Malware disguised as 3rd party WordPress plugins and WordPress themes
• Weak passwords that can be used to launch a brute force attack
• Names of WordPress users that can be used to compromise accounts or perform social engineering
• Disclosure of publicly available wp-config.php files
• Susceptibility to XML-RPC brute force attacks

These results can be used by operations and development staff to update and secure existing WordPress installations. If out-of-date or unfamiliar plugins are detected, the team can quickly make educated decisions about whether to update the plugins or remove them from the site. Security teams can also use the findings as a basis for further penetration testing.

Up-to-Date WordPress Vulnerability Database

When information about WordPress security vulnerabilities is released, attackers almost immediately begin to scan for sites with an outdated version of WordPress or with vulnerable plugins. Stopping attackers in their tracks requires both a strong ongoing WordPress security program as well as timely response when vulnerabilities are announced.

From an ongoing perspective, Acunetix allows you to schedule frequent scans of your company’s web presence, enumerate WordPress websites, and focus on instances that need to be updated or decommissioned. The Acunetix Continuous Scanning feature is particularly helpful with WordPress sites. With Continuous Scanning, Acunetix performs a full scan of the website once every week as well as a daily scan for critical vulnerabilities, and sends you those findings immediately. As new vulnerabilities are added to the Acunetix vulnerability database, Continuous Scanning ensures that you are testing for those vulnerabilities as soon as they are known. This keeps you in front of attackers.

Scan reports can then be configured for different audiences to facilitate sharing vital security information and meet regulatory needs such as PCI DSS, HIPAA, or Sarbanes-Oxley. Our user interface allows security analysts to easily configure scans for individual vulnerabilities, allowing the team to quickly and easily identify WordPress sites that need immediate attention.

Content Management Systems and Beyond

Even if your business depends on WordPress websites, it may not be your only web platform now. If it is, it may not be your only one in the future. You may be considering a tool specific to WordPress, but Acunetix is more flexible. It is a full-featured web application security testing tool that will evolve with your infrastructure. It detects security issues in any web application: from CMS platforms like WordPress, Joomla!, and Drupal to custom-built applications.

Furthermore, Acunetix is technology-independent. Whether your web application is built using PHP, Ruby on Rails, Python, JavaScript, or any other language, you can trust Acunetix to enumerate the user input fields and find the vulnerabilities that the attackers are looking for. By choosing Acunetix now, you can ensure that your security team is using a full-featured web application vulnerability scanner, and that your business’s web presence can remain secure through any future plans.