Audit Your Web Security with Acunetix Vulnerability Scanner.
Audit your website security
Firewalls, SSL and hardened networks are futile against web application hacking! Hackers are concentrating on web-based applications (shopping carts, forms, login pages, etc.) – accessible 24/7 – and directly connected to your database back-ends with valuable data. Web applications are tailor-made, less tested than off-the-shelf software and likely to have undiscovered vulnerabilities that can be a recipe for disaster. Don’t overlook website security at your organization!
Acunetix is the leading web vulnerability scanner used by serious Fortune 500 companies and widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology. It automatically crawls your websites and performs black box AND grey box hacking techniques which find dangerous vulnerabilities that can compromise your website and data.
Acunetix tests for SQL Injection, XSS, XXE, SSRF, Host Header Injection and over 4500 other web vulnerabilities. It has the most advanced scanning techniques, generating the least false positives possible. It simplifies the web application security process through its inbuilt vulnerability management features that help you prioritize and manage vulnerability resolution.
- In depth crawl and analysis – automatically scans all websites
- Highest detection rate of vulnerabilities with low false positives
- Integrated vulnerability management – prioritize & control threats
- Integration with popular WAFs and Issue Trackers
- Free network security scanning and Manual Testing tools
- Available on Windows, Linux and Online
Fast, Accurate, Easy to Use
Multi-threaded, lightning fast crawler and scanner that can crawl hundreds of thousands of pages without interruptions.
- Highest detection of WordPress vulnerabilities – scans WordPress installations for over 1200 known vulnerabilities in WordPress’ core, themes and plugins.
- An easy to use Login Sequence Recorder that allows the automatic scanning of complex password protected areas.
- Review vulnerability data with built-in vulnerability management. Easily generate a wide variety of technical and compliance reports.
Audit Your Web Security with Acunetix Vulnerability Scanner
With the uptake of cloud computing and advancements in browser technology, web applications have become a core component of business processes, and a lucrative target for hackers. Organizations must make web application security not only a priority, but a fundamental requirement. Enter Acunetix, a web vulnerability scanner available for Windows and for Linux!
A Firewall Is not Enough
Firewalls, SSL and hardened networks are futile against web application hacking. Web attacks are carried out over HTTP and HTTPS – the same protocols that are used to deliver content to legitimate users. Web applications are often tailor-made and tested less than off-the-shelf software and the repercussions of a web attack are often worse than those of traditional network-based attacks.
- Detect over 4500 web application vulnerabilities
- Scan open-source software and custom-built applications
- Detect critical vulnerabilities with 100% Accuracy
Technology Leader in Automated Web Application Security
Acunetix are the pioneers of automated web application security testing. The Acunetix vulnerability scanner uses innovative technologies that include:
- DeepScan – for crawling AJAX-heavy client-side single page applications (SPAs)
- Industry’s most advanced SQL Injection and Cross-site Scripting (XSS) testing including advanced detection of DOM-based XSS
- AcuSensor – combines black box scanning techniques with feedback from its sensors placed inside source code
Fast, Accurate, Easy to Use
The Acunetix web vulnerability scanner employs a multi-threaded, lightning fast crawler that can crawl hundreds of thousands of pages without interruptions.
- Highest rate of detection of WordPress vulnerabilities – scans WordPress installations for over 1200 known vulnerabilities in WordPress core, themes and plugins
- An easy to use Login Sequence Recorder that allows you to automatically scan complex password-protected areas
- Review vulnerability data using built-in vulnerability management tools and easily generate a wide variety of technical and compliance reports
The modern cybersecurity threat landscape is continuously changing. One of the most popular ways for organizations to keep up with the onslaught of security vulnerabilities is through Penetration Testing (pen testing).
Penetration testing, also known as “Pen-Testing” or “Ethical hacking”, is a process in which a skilled penetration tester conducts a series of tests using penetration testing software; the results are then likely combined into a report and sent to development teams to fix the vulnerabilities found by the pen tester.
While manual security testing provides organizations with a thorough point-in-time security assessment, manual penetration tests are unfortunately time consuming, expensive, not continuous, and do not provide a scalable approach when organizations have several hundreds or even thousands of web applications to test.
Fortunately, automated penetration testing tools like Acunetix web vulnerability scanner allow organizations to scan anywhere from a handful to thousands of web applications quickly, cost effectively and, most importantly, continuously. Pen Testers are able to leverage the pros of automation for their web penetration testing, freeing up their time for more important manual tests.
Industry leading technology coverage
With Acunetix, security teams can set up scheduled automated scans to test for thousands of web application vulnerabilities (including SQL Injection, XSS) as well as misconfigurations.
Speed without sacrificing flexibility
Additionally, unlike many other web and network penetration software, Acunetix is lightning fast. With a re-engineered core, and a highly optimized crawler, every inch of Acunetix is tuned for speed and efficiency, allowing it to scan hundreds of thousands of pages without breaking a sweat.
What’s more, Acunetix can save the progress of a scan midway, pause it, and resume it later on from where it left off, entirely automatically. This is crucial for time-boxed pen testing or when scanning enormous web applications with time restrictions.
Integrations with third-party penetration testing software make it easy to move between automatic and manual testing for advanced users who need it. Moreover, vulnerabilities Acunetix discovers may be exported to a wide variety of industry leading Web Application Firewalls (WAFs) such as Imperva SecureSphere and F5 Big-IP ASM.
Easy reporting and Issue Tracker integration
Another issue that Acunetix solves over other web application security software is the ability to instantly generate a wide variety of technical, regulatory and compliance reports such as PCI DSS, HIPAA, OWASP Top 10 and many others. Additionally, Acunetix allows users to export discovered vulnerabilities to Issue Trackers such as:
- Atlassian JIRA,
- Microsoft Team Foundation Server (TFS).
Defend Against Known Application Vulnerabilities
The first step to kick-starting your web application security program is to look for known application vulnerabilities. Keeping known vulnerabilities out of your code base prevents attackers from easily exploiting them and running malicious code. Attacks such as SQL injection and Cross-site Scripting are usually much easier to fix than to find, so educating developers about best practices, defining a security policy and enforcing development security standards are all important approaches when defending against web security vulnerabilities.
- Discover more than 4,500 security vulnerabilities
- Detect SQL Injection and Cross-site Scripting and all of their variants
- Automatically scan all website files with custom form authentication or other custom access controls and session management
Defend Your Entire Attack Surface
Web applications have a large attack surface and security threats can come from anywhere, including third-party code. Vulnerabilities can exist in several layers of an application, be it in the frontend, the backend or even within web server configurations.
With built-in support for exporting discovered vulnerabilities to the most popular security tools such as web application firewalls, you can take automated testing even further. Virtually patching the vulnerabilities in production will give you enough breathing room to fully and carefully undergo remediation.
Additionally, Acunetix can find security issues beyond the typical black-box scanning approach thanks to its AcuSensor gray-box scanning technology. With AcuSensor, Acunetix can automatically examine Java, ASP.NET and PHP server-side code that is being executed. This allows Acunetix to pinpoint the exact line of code where vulnerabilities lie, as well as dramatically reduce an already low false positive rate.
Get Actionable Insights into Your Web Application Vulnerabilities
By using tools to help you simulate web application attacks, you’ll be in a position to find and fix security vulnerabilities before an attacker has the chance to exploit them. A vulnerability scanner like Acunetix also recommends actions that you can take to correct the vulnerabilities it identifies, as well as the ability to retest fixes.
Acunetix also allows you to produce dozens of technical and compliance reports with actionable information web application developers, security professionals, and regulators can use to assess and reduce security risks:
- Out-of-the-box vulnerability management tools including historic trends, and prioritization
- Integration with popular Issue Trackers such as Atlassian JIRA, GitHub and Microsoft Team Foundation Server
- Easy to generate compliance reports for PCI DSS, OWASP Top 10, ISO 27001 and HIPAA
Acunetix Website Security Scanner Finds Security Vulnerabilities in Web Applications
Even the best designed web application, implemented by the most security-aware developers, is going to have security risks. It’s simply unavoidable. Developers focus on functionality, not web security. Applications are constantly changing. With new features designed and built against tight deadlines, it’s not surprising security critical vulnerabilities within application code and server configurations are introduced all the time. Hackers probe for vulnerabilities continuously, finding new security vulnerabilities in some of the most obscure web applications.
Regular website security checks are crucial to ensure your web application does not expose sensitive data. However, manual security testing simply does not scale against a large number of web applications common in the SaaS age. A web application security scanner will identify defects vital to your web application security posture.
Find security vulnerabilities before attackers do with a website security scanner
Code reviews and manual tests aren’t exhaustive enough to find all security vulnerabilities. Apart from relying on the developers and testers recognizing problems, they also don’t scale. Run an easy and quick scan with the Acunetix website security scanner to comprehensively probe your site and identify where your application is at risk.
- Acts as a Java vulnerability scanner by examining web applications built with popular frameworks including Java frameworks such as Spring, Struts and Java Server Faces (JSF)
- Inspects the source code of a web application whilst it is in execution thanks to AcuSensor technology
- Replicates user actions to execute scripts just like a browser
- Login Sequence Recorder allows you to scan password-protected pages automatically.
Detect and fix common web application vulnerabilities
There are hundreds of common vulnerabilities your developers need to guard against, so it’s no surprise they might miss a couple. Acunetix can automatically discover thousands of vulnerabilities, including hard-to-detect variants. Acunetix website security scanner identifies more than 4,500 known vulnerabilities including:
- SQL Injection
- Cross-site Scripting (XSS)
- XML External Entity (XXE) injection
Additionally, Acunetix can optionally make use of AcuSensor to examine server-side code during run-time and identify the vulnerable lines of code in Java, ASP.NET and PHP web applications where the vulnerability originates. What’s more, Acunetix generates almost zero false positives so test results are guaranteed not to throw a wrench in your web application scanning programme.
Improve website security testing with security tools
Make website security testing more robust with a website security scanner that examines your web application from end to end. Acunetix uses both black box and gray box testing and focuses on the complete attack surface of web applications and web services. Plus, Acunetix provides support for managing and resolving web application security issues, not just identifying them.
- Discover critical vulnerabilities such as SQL injection and command injection
- Identifies TLS/SSL vulnerabilities, web server vulnerabilities and other misconfigurations
- Performs a WordPress security scan to identify known vulnerabilities in WordPress themes, plugins and WordPress core
- Integrates with web application firewalls and automatically creates protective rules
- Integrates with Issue Trackers such as Atlassian JIRA, GitHub and Microsoft TFS
- Vulnerability management reporting enables defect prioritization and regulatory compliance
End-to-End Enterprise Web Security with Acunetix 360
Vulnerability scanning is not enough for a large organization to face present-day security-related challenges. Enterprises require a comprehensive web application security management platform that allows them to easily find, fix, and prevent vulnerabilities. Acunetix 360 is an end-to-end web security solution that offers a 360 view of an organization’s security posture. It allows the enterprise to take control of the security of all its web applications, web services, and APIs, ensuring long-term protection.
Central to Acunetix 360 is the Acunetix scanning engine, which is globally known, trusted, and appreciated for its unbeatable speed and precision.
Continuously Protect All Your Web Assets
To start protecting your web assets, you must first know what they are and where they are. Acunetix 360 is a unique solution that can help you find them and never forget about them.
- Don’t overlook anything. Automatically discover web assets that are owned by your business and/or manually import them.
- Streamline your processes. Use security policies to continuously monitor and safeguard your web assets.
- Find every vulnerability and only real vulnerabilities. Don’t waste valuable resources researching false positives.
Make Sure that Every Vulnerability is Fixed
A large organization cannot afford to manually fix every vulnerability. Unlike simpler vulnerability scanners, Acunetix 360 supports your entire workflow.
- Have the right team address the issue. Integrate with issue trackers to automatically assign tasks to the right person.
- Include all stakeholders. Keep the right people informed using custom workflows with granular permissions and various communication channels.
- Don’t let mistakes happen. Automatically retest after an issue has been marked as fixed and, if needed, reassign to the responsible party.
Catch Issues Before They Emerge
The fewer errors make it to production, the better. Make sure to prevent exposure by enforcing vulnerability testing at the right stages of your SDLC.
- Don’t miss any bugs in your code. Use your proven continuous integration solution to include an incremental vulnerability scan in every build.
- Quickly pinpoint and fix the problem. The level of detail provided by Acunetix 360 helps you avoid additional research and resource costs.
- Do it your way. Integration capabilities of Acunetix 360 let you avoid the costs associated with implementing additional solutions.
External Vulnerability Scanner: Enter Acunetix!
External vulnerability scanning, or as it’s sometimes known, perimeter scanning, is one of the absolutely necessary security tests any organization should undertake routinely. External vulnerability scanning helps make sure that vulnerabilities at the perimeter, that is, vulnerabilities laid out for the world to see, are identified and remediated as quickly as possible, making organizations more efficient at following cybersecurity best practices.
Until a few years ago, most external vulnerability scanning would be merely scoped to the external network infrastructure immediately reachable by attackers. However, we’re now living in the ‘age of the data breach’, where most defenses are actually breached through vulnerable web applications, or a combination of network-layer vulnerabilities, together with web vulnerabilities. As a result, organizations need to keep up with this reality and give web applications their due importance when scanning for external vulnerabilities.
Fast, flexible, continuous external vulnerability scanning
The modern web is full of complexities, and as such, many other external vulnerability scanners and black box scanners built a decade ago can’t properly scan large and complex web applications quickly. With a re-engineered core, and a highly optimized crawler, every inch of Acunetix is tuned for speed, efficiency and accuracy, allowing it to complete even the largest external vulnerability scans without breaking a sweat.
What’s more, in Acunetix it’s possible to throttle the speed at which an external vulnerability scan runs, ensuring that even high-traffic sites can be scanned without affecting their performance. You can also schedule external vulnerability scans to run at specific times of a day, week or month, or even define your own custom schedule.
You also have the option of running scans on a continuous basis with Acunetix only running a quick scan every day of the week, with a full scan run once a week. This ensures that any new vulnerabilities that may have been introduced in-between full scans get picked up by Acunetix immediately.
Dead simple Vulnerability Management and reporting
Another problem that Acunetix solves which many other external vulnerability scanners surely lack is the ability to produce great reports. After an external vulnerability scan is complete, Acunetix can instantly generate a wide variety of technical, regulatory and compliance reports such as PCI DSS, HIPAA, OWASP Top 10 and many others. Additionally, Acunetix allows users to export discovered vulnerabilities to third party Issue Trackers such as Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS).
One of the biggest issues with conventional external vulnerability scanners is that they simply show a list of scan results. Acunetix takes a different approach in that once a vulnerability is found during a scan, it is automatically cataloged and assigned a status of Open. After the vulnerability gets fixed, Acunetix may be used to re-test the vulnerability to make sure it’s properly fixed, and then automatically marks it as Closed.
All information is available at a glance in the Acunetix Dashboard. With Acunetix’s multi-user, multi-role capabilities, users can only see what they’re meant to.
Key Features of the Acunetix Network Security Scanner
Comprehensive security audits require a detailed inspection of the perimeter of your public-facing network assets. Acunetix uses the popular OpenVAS scanner to provide a comprehensive perimeter network security scan engine that integrates seamlessly with your web application security testing. The network security scanner is directly available in Acunetix Online and automatically integrates with Acunetix for Windows and Acunetix for Linux.
Scan Network Perimeter Services
Insecure network perimeters are still the cause of most data breaches. The perimeter is, therefore, one of the most important areas of your network to secure against vulnerabilities, misconfiguration, and other security threats that could compromise security or availability of network services. Acunetix provides you with a perspective of your network perimeter just like an attacker would see it. Use it to:
- Discover open ports and running services
- Test for over 50,000 known network vulnerabilities and misconfigurations
Testing for Network Vulnerabilities
Acunetix scans your network for vulnerabilities and presents results in the Acunetix dashboard, from where a network security report can be easily generated.
- Assess the security of routers, firewalls, switches, and load balancers
- Test for weak passwords: FTP, IMAP, database servers, POP3, Socks, SSH, and Telnet
- Test for DNS zone transfer, open recursive DNS, and DNS cache poisoning attacks
Detecting Network Security Misconfigurations
Acunetix can detect a wide array of network security misconfigurations that could lead to sensitive data disclosure, denial of service, or even compromise of hosts. Acunetix tests for:
- Anonymous FTP access and writable directories over FTP
- Badly configured proxy servers
- Weak SNMP community strings
- Weak TLS/SSL ciphers
Concerned about WordPress Security? Enter Acunetix
WordPress is the most popular open source content management system (CMS). According to the latest W3Techs survey, almost 60% of all CMS instances use the platform and 32.5% of all the websites on the Internet are WordPress sites. From the standpoints of deployment and usage, this is exciting: given its popularity, WordPress is well-documented and full-featured. But it also means attackers are constantly looking to compromise vulnerable WordPress installations and the web servers behind them. To stay one step ahead, you need Acunetix: a WordPress vulnerability scanner that you can trust.
Detect a Full Range of WordPress Vulnerabilities
Acunetix is a full-featured WordPress security scanner. Vulnerabilities that Acunetix can discover include:
- Out-of-date WordPress versions, both WordPress core and plugins, that are missing critical security patches
- Malware disguised as 3rd party WordPress plugins and WordPress themes
- Weak passwords that can be used to launch a brute force attack
- Names of WordPress users that can be used to compromise accounts or perform social engineering
- Disclosure of publicly available wp-config.php files
- Susceptibility to XML-RPC brute force attacks
These results can be used by operations and development staff to update and secure existing WordPress installations. If out-of-date or unfamiliar plugins are detected, the team can quickly make educated decisions about whether to update the plugins or remove them from the site. Security teams can also use the findings as a basis for further penetration testing.
Up-to-Date WordPress Vulnerability Database
When information about WordPress security vulnerabilities is released, attackers almost immediately begin to scan for sites with an outdated version of WordPress or with vulnerable plugins. Stopping attackers in their tracks requires both a strong ongoing WordPress security program as well as timely response when vulnerabilities are announced.
From an ongoing perspective, Acunetix allows you to schedule frequent scans of your company’s web presence, enumerate WordPress websites, and focus on instances that need to be updated or decommissioned. The Acunetix Continuous Scanning feature is particularly helpful with WordPress sites. With Continuous Scanning, Acunetix performs a full scan of the website once every week as well as a daily scan for critical vulnerabilities, and sends you those findings immediately. As new vulnerabilities are added to the Acunetix vulnerability database, Continuous Scanning ensures that you are testing for those vulnerabilities as soon as they are known. This keeps you in front of attackers.
Scan reports can then be configured for different audiences to facilitate sharing vital security information and meet regulatory needs such as PCI DSS, HIPAA, or Sarbanes-Oxley. Our user interface allows security analysts to easily configure scans for individual vulnerabilities, allowing the team to quickly and easily identify WordPress sites that need immediate attention.
Content Management Systems and Beyond
Even if your business depends on WordPress websites, it may not be your only web platform now. If it is, it may not be your only one in the future. You may be considering a tool specific to WordPress, but Acunetix is more flexible. It is a full-featured web application security testing tool that will evolve with your infrastructure. It detects security issues in any web application: from CMS platforms like WordPress, Joomla!, and Drupal to custom-built applications.