Audit your website security with Acunetix Web Security Scanner
As many as 70% of websites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the compromised site.
Web application attacks, launched on port 80/443, go straight through the firewall, past the operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.
Find out if your website is secure before hackers download sensitive data, launch criminal activity from your website and endanger your business. Acunetix Web Vulnerability Scanner (WVS) crawls your website, automatically analyzes your web applications and finds perilous SQL injection, Cross-Site Scripting and other vulnerabilities that expose your online business. Concise reports identify where web applications need to be fixed, thus enabling you to protect your business from impending hacker attacks!
Acunetix Web Vulnerability Scanner Includes Many Innovative Features
· AcuSensor Technology allows accurate scanning with low false positives, by combining
black box scanning techniques with feedback from its sensors placed inside the source
· Industry’s most advanced and in-depth SQL injection and Cross-Site Scripting testing.
· Login Sequence Recorder makes testing web forms and password protected areas easy.
· Multi-threaded and lightning fast scanner able to crawl hundreds of thousands of pages
· Acunetix DeepScan understands complex web technologies such as SOAP, XML, AJAX
In-depth checking for SQL Injection and Cross-Site Scripting (XSS) Vulnerabilities
Acunetix WVS checks for all web vulnerabilities including SQL injection, Cross-Site Scripting
and many others. SQL injection is a hacking technique which modifies SQL queries in
order to gain access to data in the database. Cross-Site Scripting attacks allow a hacker
to execute a malicious script on your visitor’s browser. Paramount to web vulnerability
scanning is not the number of attacks that a scanner can detect, but the complexity and
thoroughness with which the scanner launches them. Acunetix's sophisticated scanning
engine guarantees the highest rate of vulnerability detection including DOM-based XSS
Innovative AcuSensor Technology Guarantees Low False Positives
Acunetix includes unique AcuSensor Technology that analyzes code as it gets executed,
resulting in a higher detection rate and, importantly, the elimination of false positives.
Furthermore, AcuSensor technology is able to indicate where the vulnerability is in the
code and report debug information. AcuSensor not only finds more vulnerabilities, but
will save valuable time for your security and development teams.
DeepScan Technology Scans Most Content
Acunetix DeepScan Technology, which includes the state-of-the-art CSA (Client Script
By being able to find the largest amount of web content and understand it (including
Single Page Application sites), Acunetix can detect the highest number of vulnerabilities.
Scan AJAX and Web 2.0 Technologies for Vulnerabilities
The CSA Engine allows you to comprehensively scan the latest and most complex
AJAX / Web 2.0 web applications. Acunetix WVS understands SOAP and XML, tests for
vulnerabilities in AJAX and JSON request data, as well as web applications developed
using Google Web Toolkit.
Test Password Protected Areas and Web Forms with Automatic Form Filler
Acunetix is able to automatically fill in web forms and authenticate against web logins.
Most web vulnerability scanners are unable to do this or require complex scripting to test
such pages. Not so with Acunetix: Using the macro recording tool Login Sequence Recorder, you can record a login sequence, form filling process or a specific crawling sequence.
The scanner will replay this sequence during the scan process, fill in web forms and log
on to password protected areas automatically.
Auto-Configuration of Web Application Firewall
Acunetix WVS can automatically create the appropriate Web Application Firewall rules
to protect web applications against attacks targeting vulnerabilities that Acunetix finds.
This allows you to continue using your web application in a secure manner until you
are able to fix the vulnerabilities at code level.
Advanced Network Level Scanning
Part of a website audit is a network level audit against any operating system
vulnerabilities. An online scanning engine integrates the popular OpenVAS scanner
to identify the highest number of network level vulnerabilities. Acunetix will test for
weak passwords, insecure web server configuration, directories with weak permissions,
DNS server vulnerabilities, FTP access tests, badly configured Proxy Servers, weak SSL
ciphers, and many other sophisticated security checks!
WordPress Vulnerability Scanning
Acunetix identifies WordPress installations and will launch WordPress specific security
checks to ensure your website is secure including detection of vulnerable plugins and
themes, weak passwords, misconfiguration of WordPress (username enumeration, WP
config backup files), malware disguised as plugins and old versions of plugins. Similar
checks are also performed on other Content Management Systems such as Joomla and
Advanced Penetration Testing Tools Included
Acunetix includes advanced tools for penetration testers to further their security audits:
· HTTP Editor - Construct HTTP/HTTPS requests to analyze the web server response.
· HTTP Sniffer - Intercept, log and modify HTTP/HTTPS traffic sent by the web application.
· HTTP Fuzzer - Perform sophisticated fuzzing tests with thousands of input
parameters using the rule builder and test input validation of web applications and
handling of invalid/random data.
· Blind SQL Injector - An automated database data extraction tool.
More Advanced Features
· Automatic Custom 404 Error Page & rewrite rule identification.
· HTTP Parameter Pollution (HPP) vulnerability detection.
· Supports custom HTTP headers in automated scans.
· Supports multiple HTTP authentication credentials.
· Support for CAPTCHA, Single Sign-On and Two Factor authentication mechanisms.
· Customize list of false positives & script custom web attacks.
· Automate File Upload Forms vulnerability testing.
· Locates CRLF injection, Code execution, Directory Traversal, File inclusion, Google
Hacking Database and Authentication vulnerabilities.
· Scanning profiles to scan websites with different scan options and identities.
· Compare scans and find differences with previous scans.
· Easily re-audit vulnerability fixes with rescan functionality.