Audit your website security with Acunetix Web Vulnerability Scanner
As many as 70% of websites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card informationand customer lists. Hackers are concentrating their efforts on web-basedapplications - shopping carts, forms, login pages, dynamic content, etc.Accessible 24/7 from anywhere in the world, insecure web applications provideeasy access to backend corporate databases and also allow hackers to perform illegalactivities using the compromised site.
Web application attacks, launched on port 80/443, gostraight through the firewall, past the operating system and network levelsecurity, and right into the heart of your application and corporate data.Tailor-made web applications are often insufficiently tested, have undiscoveredvulnerabilities and are therefore easy prey for hackers.
Find out if your website is secure before hackers download sensitivedata, launch criminal activity from your website and endanger your business.Acunetix Web Vulnerability Scanner (WVS) crawls your website, automaticallyanalyzes your web applications and finds perilous SQL injection, Cross-SiteScripting and other vulnerabilities that expose your online business. Concise reportsidentify where web applications need to be fixed, thus enabling you to protectyour business from impending hacker attacks!
Acunetix Web Vulnerability Scanner Includes Many Innovative Features
- AcuSensor Technology allows accurate scanning with low false positives, by combining black box scanning techniques with feedback from its sensors placed inside the source code.
- Industry’s most advanced and in-depth SQL injection and Cross-Site Scripting testing.
- Login Sequence Recorder makes testing web forms and password protected areas easy.
- Multi-threaded and lightning fast scanner able to crawl hundreds of thousands of pages without interruptions.
- Acunetix DeepScan understands complex web technologies such as SOAP, XML, AJAX and JSON.
- In-depth checking for SQL Injection and Cross-Site Scripting (XSS) Vulnerabilities
Acunetix WVS checks for all web vulnerabilities including SQL injection, Cross-Site Scripting and many others. SQL injection is a hacking technique which modifies SQL queries in order to gain access to data in the database. Cross-Site Scripting attacks allow a hacker to execute a malicious script on your visitor’s browser. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with which the scanner launches them. Acunetix sophisticated scanning engine guarantees the highest rate of vulnerability detection including DOM-based XSS vulnerabilities.
- Innovative AcuSensor Technology Guarantees Low False Positives
Acunetix includes unique AcuSensor Technology that analyzes code as it gets executed, resulting in higher detection rate, and importantly elimination of false positives. Furthermore, AcuSensor technology is able to indicate where the vulnerability is in the code and report debug information. AcuSensor not only finds more vulnerabilities, but will save valuable time for your security and development teams.
- DeepScan Technology Scans Most Content
- Scan AJAX and Web 2.0 Technologies for Vulnerabilities
The CSA Engine allows you to comprehensively scan the latest and most complex AJAX / Web 2.0 web applications. Acunetix WVS understands SOAP and XML, tests for vulnerabilities in AJAX and JSON request data, as well as web applications developed using Google Web Toolkit.
- Test Password Protected Areas and Web Forms with Automatic Form Filler
Acunetix is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test such pages. Not so with Acunetix: Using the macro recording tool Login Sequence Recorder, you can record a login sequence, form filling process or a specific crawling sequence. The scanner will replay this sequence during the scan process, fill in web forms and log on to password protected areas automatically.
- Auto-Configuration of Web Application Firewall
Acunetix WVS can automatically create the appropriate Web Application Firewall rules to protect web applications against attacks targeting vulnerabilities that Acunetix finds. This allows you to continue using your web application in a secure manner until you are able to fix the vulnerabilities at code level.
- Advanced Network Level Scanning
Part of a Website audit is a network level audit against any operating system vulnerabilities. An online scanning engine integrates the popular OpenVAS scanner to identify the highest number of network level vulnerabilities. Acunetix will test for weak passwords, insecure web server configuration, directories with weak permissions, DNS server vulnerabilities, FTP access tests, badly configured Proxy Servers, weak SSL ciphers, and many other sophisticated security checks!
- WordPress Vulnerability Scanning
Acunetix identifies WordPress installations and will launch WordPress specific security checks to ensure your website is secure including detection of vulnerable plugins and themes, weak passwords, mal configuration of WordPress (username enumeration, WP config backup files), Malware disguised as plugins and old versions of plugins. Similar checks are also performed on other Content Management Systems such as Joomla and
- Advanced Penetration Testing Tools Included
Acunetix includes advanced tools for penetration testers to further their security audits:
· HTTP Editor - Construct HTTP/HTTPS requests to analyze the web server response.
· HTTP Sniffer - Intercept, log and modify HTTP/HTTPS traffic sent by web application.
· HTTP Fuzzer - Perform sophisticated fuzzing tests with thousands of input parameters using the rule builder and test input validation of web applications and handling of invalid/random data.
· Blind SQL Injector - An automated database data extraction tool.
- More Advanced Features
· Automatic Custom 404 Error Page & rewrite rule identification.
· HTTP Parameter Pollution (HPP) vulnerability detection.
· Supports custom HTTP headers in automated scans.
· Supports multiple HTTP authentication credentials.
· Support for CAPTCHA, Single Sign-On and Two Factor authentication mechanisms.
· Customize list of false positives & script custom web attacks.
· Automate File Upload Forms vulnerability testing.
· Locates CRLF injection, Code execution, Directory Traversal, File inclusion, Google Hacking Database and Authentication vulnerabilities.
· Scanning profiles to scan websites with different scan options and identities.
· Compare scans and find differences with previous scans.
· Easily re-audit vulnerability fixes with rescan functionality.