Audit your website security with Acunetix Web Vulnerability Scanner

Hackers are concentrating their efforts on attacking applications
in your website: 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Web applications are accessible 24
hours a day, 7 days a week and control sensitive data such as customer details, credit card numbers and proprietary corporate data.

Firewalls, SSL and locked-down servers are futile against web application hacking

Any defense at network security level will provide no
protection against web application attacks since they are launched on port 80 – which has to remain open. In addition, web applications are
often tailor-made, therefore tested less than off-the-shelf software, and are more likely to have undiscovered vulnerabilities. Manually auditing a
website for vulnerabilities is virtually impossible - it needs to be done automatically and regularly.

Acunetix WVS automatically checks your web applications for SQL Injection, XSS and other web vulnerabilities

• Ensures your website is secure against web attacks
• Automatically checks for SQL injection & Cross site scripting vulnerabilities
• Checks password strength on authentication pages (HTTP or HTML forms)
• Automatically audits shopping carts, forms, dynamic content and other web applications
• Creates professional website security audit reports

Automatically detects SQL injection, cross site scripting and other web vulnerabilities

SQL injection is a hacking technique
which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious
script on your visitor's browser. Acunetix Web Vulnerability Scanner can check if your web application is vulnerable to both of these attacks. More
information about SQL injection and cross site scripting is available at our web site security centre.

Other detected Web Vulnerabilities
- CRLF injection attacks
- Code execution attacks
- Directory traversal attacks
- File inclusion attacks
- Authentication attacks

Detects Google hacking vulnerabilities

Google hacking is the term used for a hacker
trying to find exploitable targets and sensitive data by entering queries in search engines. The Google Hacking Database (GHDB) contains queries
that identify sensitive data such as portal logon pages, logs with network security information, and so on. Acunetix launches all the Google
hacking database queries onto the crawled content of your web site, to find any sensitive data or exploitable targets before
a “search engine hacker” does. The Google hacking feature is a unique, industry-first feature.

Report Generator

With the report generator you can quickly create reports which
specify the vulnerabilities detected and suggest what can be done to resolve them. Furthermore, all scan sessions can be saved to
an MS SQL Server or Access database for custom reporting purposes.

Extend attacks with the HTTP editor & sniffer

With the HTTP editor, you can construct HTTP/HTTPS requests
and analyze the web server responses. Use it to perform custom SQL injection and cross site scripting attacks. With the HTTP
sniffer you can log, intercept and modify all HTTP/HTTPS traffic, giving you an in-depth insight into what data your web application is sending.

HTTP fuzzer – Automated, rule based variable testing

The HTTP fuzzer tool allows you to create rules to automatically test for buffer overflows & input validation.
For example, using the HTTP fuzzer you could create a rule which replaces the variable part in a URL
with the numbers 1 – 999. This way you could launch 1000 queries, only checking meaningful results, saving a great deal
of time compared to manual testing.

Crawl password protected areas

Acunetix Web Vulnerability Scanner can be configured to scan password protected sections of the website with one or more
user/password combinations. Using the login sequence tool, which works similarly to a macro recorder, one can easily configure the path the
scanner must crawl, including links it should not follow, such as a logout link.

Automatic HTML form filler

The HTML form filler allows you to configure different inputs that you want the web scanner to give when it encounters
an HTML form. This way you can automatically test how your website behaves for different types of inputs.

Other Features
- Test password strength of login pages by launching a dictionary attack
- Create custom web attack & check or modify existing ones with the Vulnerability editor
- Supports all major web technologies, including ASP, ASP.NET, PHP and CGI
- Use different scanning profiles to scan websites with different identity and scan options
- Compare scans & find differences with previous scans and discover new vulnerabilities
- Easily re-audit website changes
- Crawl & interpret Flash files
- Automatic Custom error page detection
- Discovers directories with weak permissions
- Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE) and inspects the HTTP version banners for vulnerable products.

System Requirements

Windows 2000/2003 or Windows XP, Internet Explorer 5.1 or higher, MS SQL
Server/Access if database is enabled, 200MB of hard disk space.