Audit your website security with Acunetix Web Vulnerability Scanner
As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists.
Hackers are concentrating their efforts on web-based applications – shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the attacked site. A victim’s website can be used to launch criminal activities such as hosting phishing sites or to transfer illicit content, while abusing the website’s bandwidth and making its owner liable for these unlawful acts.
Firewalls, SSL and locked-down servers are futile against web application hacking!
Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.
Find out if your web site is secure before hackers download sensitive data, commit a crime using your web site as a launch pad, and endanger your business. Acunetix Web Vulnerability Scanner crawls your web site, automatically analyzes your web applications and finds perilous SQL injection, Cross-Site Scripting and other vulnerabilities that expose your online business. Concise reports identify where web applications need to be fixed, thus enabling you to protect your business from impending hacker attacks!
Acunetix Web Vulnerability Scanner includes many innovative features:
· An automatic Javascript analyzer allowing for security testing of Ajax and Web 2.0 applications
· Industry’s most advanced and in-depth SQL injection and Cross-Site Scripting testing
· Visual macro recorder makes testing web forms and password protected areas easy
· Extensive reporting facilities including VISA PCI compliance reports
· Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
· Automate File Upload Forms vulnerability testing
· Acunetix crawls and analyzes websites including flash content, SOAP and AJAX
· Innovative AcuSensor Technology that allows accurate scanning for many vulnerabilities
· Port scanning and network alerts against the web server for complex security checks
Acunetix WVS automatically checks for the following vulnerabilities among others:
· Version Check
- Vulnerable Web Servers
- Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution”.
· Web Server Configuration Checks
- Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
- Verify Web Server Technologies
· Parameter Manipulation
· Cross-Site Scripting (XSS) – over 40 different XSS variations are tested.
· SQL Injection
· Code Execution
· Directory Traversal
· File Inclusion
· Script Source Code Disclosure
· CRLF Injection
· Cross Frame Scripting (XFS)
· PHP Code Injection
· XPath Injection
· Path Disclosure (Unix and Windows)
· LDAP Injection
· Cookie Manipulation
· Arbitrary File creation (AcuSensor Technology)
· Arbitrary File deletion (AcuSensor Technology)
· Email Injection (AcuSensor Technology)
· File Tampering (AcuSensor Technology)
· URL redirection
· Remote XSL inclusion
· MultiRequest Parameter Manipulation
· Blind SQL/XPath Injection
· File Checks
· Checks for Backup Files or Directories – Looks for common files (such as logs, application traces, CVS web repositories)
· Cross Site Scripting in URI
· Checks for Script Errors
· File Uploads
· Unrestricted File uploads Checks
· Directory Checks
· Looks for Common Files (such as logs, traces, CVS)
· Discover Sensitive Files/Directories
· Discovers Directories with Weak Permissions
· Cross Site Scripting in Path and PHPSESSID Session Fixation.
· Web Applications
· HTTP Verb Tampering
· Text Search
· Directory Listings
· Source Code Disclosure
· Check for Common Files
· Check for Email Addresses
· Microsoft Office Possible Sensitive Information
· Local Path Disclosure
· Error Messages
· Trojan shell scripts (such as popular PHP shell scripts like r57shell, c99shell, etc.)
· Weak Passwords
· Weak HTTP Passwords
· GHDB Google Hacking Database
· Over 1200 GHDB Search Entries in the Database
· Port Scanner and Network Alerts
· Port scans the web server and obtains a list of open ports with banners
· Performs complex network level vulnerability checks on open ports such as:
- DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)
- FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)
- Security and configuration checks for badly configured proxy servers
- Checks for weak SNMP community strings and weak SSL ciphers
- And many other network level vulnerability checks!
· Input Validation
· Authentication attacks
· Buffer overflows
· Blind SQL injection
· Sub domain scanning
Acunetix Web Vulnerability Scanner v8.20120508 released on 8 May, 2012
New Security Check
- Acunetix WVS 8 checks if your PHP-CGI installation is vulnerable to remote code execution. For further information regarding this type of vulnerability, read the PHP-CGI advisory article here
- Ability to edit scheduled scans. No need for scheduling new scans every time you wish to change a scan setting.
- Amend multiple scheduled scans simultaneously by selecting them and applying the required global changes.
- Save all your scanned results and access them at any time from your scheduler’s scan history. You can also delete your scanned results from the web-based scheduler.
- A new setting has been introduced to configure the maximum number of pages during a crawl.
- Improved Cross-Site Scripting (XSS) tests.
- The web-based scheduler has been improved to run better in the latest version of Internet Explorer.
- Enhanced SQL injection tests to further reduce false-positive reporting.
Bug Fixes
- The scheduled scans can be correctly imported after upgrading to a more recent build of Acunetix WVS 8.
- The false positives settings node can now support changes from multiple instances at the same time.
- Web Service Definition Language (WSDL) Scanner URL edit box is now able to save history.
More Information:
Acunetix Scanner version 8 quicker guide video
For More Information visit Acunetix website -
Acunetix Scanner Manual
For More Information
Visit the Acunetix blog for detailed information and very useful articles