What Acunetix Standard can do for you
Prevent potential attacks
Manage web security
Automate your scanning
Detect SQLi, XSS, and other issues
Acunetix is the leading web vulnerability scanner used by serious Fortune 500 companies and widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology. It automatically crawls your websites and performs black box AND grey box hacking techniques which finds dangerous vulnerabilities that can compromise your website and data.
Acunetix standard tests for SQL Injection, XSS, XXE, SSRF, Host Header Injection and over 4500 other web vulnerabilities. It has the most advanced scanning techniques generating the least false positives possible. Simplifies the web application security process through its inbuilt vulnerability management features that help you prioritize and manage vulnerability resolution.
- In depth crawl and analysis – automatically scans all websites
- Highest detection rate of vulnerabilities with low false positives
Audit Your Web Security with Acunetix Vulnerability Scanner
With the uptake of cloud computing and advancements in browser technology, web applications have become a core component of business processes, and a lucrative target for hackers. Organizations must make web application security not only a priority, but a fundamental requirement. Enter Acunetix a web vulnerability scanner available for Windows and for Linux!
Technology Leader in Automated Web Application Security
Acunetix are the pioneers of automated web application security testing. The Acunetix vulnerability scanner uses innovative technologies that include:
- DeepScan – for crawling AJAX-heavy client-side single page applications (SPAs)
- Industry’s most advanced SQL Injection and Crss-site Scripting (XSS) testing including advanced detection of DOM-based XSS
- AcuSensor – combines black box scanning techniques with feedback from its sensors placed inside source code
Fast, Accurate, Easy to Use
The Acunetix web vulnerability scanner employs a multi-threaded, lightning fast crawler that can crawl hundreds of thousands of pages without interruptions.
- Highest rate of detection of WordPress vulnerabilities – scans WordPress installations for over 1200 known vulnerabilities in WordPress core, themes and plugins
- An easy to use Login Sequence Recorder that allows you to automatically scan complex password-protected areas
- Review vulnerability data using built-in vulnerability management tools and easily generate a wide variety of technical and compliance reports
The modern cybersecurity threat landscape continuously changing. One of the most popular ways for organizations to keep up with the onslaught of security vulnerabilities is through Penetration Testing (pen testing).
Penetration testing, also known as “Pen-Testing” or “Ethical hacking” is a process in which a skilled penetration tester conducts a series of tests using penetration testing software which is then likely combined into a report and sent to development teams to fix vulnerabilities found by a pen tester.
While manual security testing provides organizations with thorough point in time security assessment, unfortunately, manual penetration tests are time consuming, expensive, only provide point-in-time security assessment (not continuous), and does not provide a scaleable approach when organizations have several hundreds or even thousands of web applications to test.
Fortunately, automated penetration testing tools like Acunetix web vulnerability scanner allow organizations to scan anywhere from a handful to thousands of web applications quickly, cost effectively and, most importantly, continuously. Pen Testers are able to leverage the pros of automation for their web penetration testing freeing up their time for more important manual tests.
Industry leading technology coverage
With Acunetix, security teams can setup scheduled automated scans, to test for thousands of web application vulnerabilities (including SQL Injection, XSS) as well as misconfigurations.
Speed without sacrificing flexibility
Additionally, unlike many other web and network penetration software, Acunetix is lightning fast. With a re-engineered core, and a highly optimized crawler, every inch of Acunetix is tuned for speed and efficiency, allowing it to scan hundreds of thousands of pages without breaking a sweat.
What’s more, Acunetix can save the progress of a scan mid way, pause it, and resume it later on from where it left off entirely automatically. This is a crucial for time boxed pen testing or when scanning enormous web applications with time restrictions.
Defend Against Known Application Vulnerabilities
The first step to kick starting your web application security program is to look for known application vulnerabilities. Keeping known vulnerabilities out of your code base prevents attackers from easily exploiting them and running malicious code. Attacks such as SQL injection and Cross-site Scripting are usually much easier to fix than to find them, so educating developers about best practices, defining a security policy and enforcing development security standards are all important approaches when defending against web security vulnerabilities.
- Discover in excess of more than 4,500 security vulnerabilities
- Detect SQL Injection and Cross-site Scripting and all of their variants
- Automatically scan all webste files with custom form authentication or other custom access controls and session management
Defend Your Entire Attack Surfac
Web applications have a large attack surface and security threats can come from anywhere, including third-party code. Vulnerabilities can exist in several layers of an application, be it in the frontend, the backend or even within web server configurations.
With built-in support for exporting discovered vulnerabilities to the most popular security tools such as web application firewalls, you can take automated testing even further. Virtually patching the vulnerabilities in production will give you enough breathing room to fully and carefully undergo remediation.
Additionally, Acunetix can find security issues beyond the typical black-box scanning approach thanks to its AcuSensor gray-box scanning technology. With AcuSensor, Acunetix can automatically examine Java, ASP.NET and PHP server-side code that is being executed. This allows Acunetix to pinpoint the exact line of code where vulnerabilities lie, as well as dramatically reduce an already low false positive rate.
Get Actionable Insights into Your Web Application Vulnerabilities
By using tools to help you simulate web application attacks, you’ll be in a position to find and fix security vulnerabilities before an attacker has the chance to exploit them. A vulnerability scanner like Acunetix also recommends actions that you can take to correct the vulnerabilities it identifies, as well as the ability to retest fixes.
Acunetix Website Security Scanner Finds Security Vulnerabilities in Web Applications
Even the best designed web application, implemented by the most security-aware developers, is going to have security risks. It’s simply unavoidable. Developers focus on functionality, not web security. Applications are constantly changing. With new features designed and built against tight deadlines, it’s not surprising security critical vulnerabilities within application code and server configurations are introduced all the time. Hackers probe for vulnerabilities continuously, finding new security vulnerabilities in some of the most obscure web applications.
Regular website security checks are crucial to ensure your web application does not expose sensitive data. However, manual security testing simply does not scale against a large number of web applications common in the SaaS age. A web application security scanner will identify defects vital to your web application security posture.
Find security vulnerabilities before attackers do with a website security scanner
Code reviews and manual tests aren’t exhaustive enough to find all security vulnerabilities. Apart from relying on the developers and testers recognizing problems, they also don’t scale. Running an easy and quick scan with Acunetix website security scanner to comprehensively probe your site to identify where your application is at risk.
- Acts as a Java vulnerability scanner by examining web applications built with popular frameworks including Java frameworks such as Spring, Struts and Java Server Faces (JSF)
- Inspects the the source code of a web application whilst it is in execution thanks to AcuSensor technology
- Replicates user actions to execute scripts just like a browser
- Login Sequence Recorder allows you scan password-protected pages automatically.
Detect and fix common web application vulnerabilities
There are hundreds of common vulnerabilities your developers need to guard against, so it’s no surprise they might miss a couple. Acunetix can automatically discover thousands of vulnerabilities, including hard-to-detect variants. Acunetix website security scanner identifies more than 4,500 known vulnerabilities including:
- SQL Injection
- Cross-site Scripting (XXS)
- XML External Entity XXE) injection
Additionally, Acunetix can optionally make use of AcuSensor to examine server-side code during run-time and identify vulnerable lines of code in Java ASP.NET and PHP web applications where the vulnerability originate. What’s more, Acunetix generates almost zero false positives so test results are guaranteed not to throw a wrench in your web application scanning programme.
Concerned about WordPress Security? Enter Acunetix
WordPress is the most popular open source content management system (CMS). According to the latest W3Techs survey, almost 60% of all CMS instances use the platform and 32.5 of all the websites on the Internet are WordPress sites. From the standpoints of deployment and usage, this is exciting: given its popularity, WordPress is well-documented and full-featured. But it also means attackers are constantly looking to compromise vulnerable WordPress installations and the web servers behind them. To stay one step ahead, you need Acunetix: a WordPress vulnerability scanner that you can trust.
Detect a Full Range of WordPress Vulnerabilities
Acunetix is a full-featured WordPress security scanner. Vulnerabilities that Acunetix can discover include:
- Out-of-date WordPress versions, both WordPress core and plugins, that are missing critical security patches
- Malware disguised as 3rd party WordPress plugins and WordPress themes
- Weak passwords that can be used to launch a brute force attack
- Names of WordPress users that can be used to compromise accounts or perform social engineering
- Disclosure of publicly available wp-config.php files
- Susceptibility to XML-RPC brute force attacks
These results can be used by operations and development staff to update and secure existing WordPress installations. If out-of-date or unfamiliar plugins are detected, the team can quickly make educated decisions about whether to update the plugins or remove them from the site. Security teams can also use the findings as a basis for further penetration testing.
Up-to-Date WordPress Vulnerability Database
When information about WordPress security vulnerabilities is released, attackers almost immediately begin to scan for sites with an outdated version of WordPress or with vulnerable plugins. Stopping attackers in their tracks requires both a strong ongoing WordPress security program as well as timely response when vulnerabilities are announced.
Content Management Systems and Beyond
Even if your business depends on WordPress websites, it may not be your only web platform now. If it is, it may not be your only one in the future. You may be considering a tool specific to WordPress, but Acunetix is more flexible. It is a full-featured web application security testing tool that will evolve with your infrastructure. It detects security issues in any web application: from CMS platforms like WordPress, Joomla!, and Drupal to custom-built applications.
Sample Developer Report – Acunetix Security Audit
Compliance Report – PCI DSS
Use Cases- Penetration Testing Software
Use Cases- Website Security Scanner
Use Cases- External Vulnerability Scanner
WhitePaper – How to Secure your Website ?
Case Studies – Acunetix has helped many leading companies in securing their websites and web applications. These case studies illustrate the experiences and insights of some of our clients, highlighting how Acunetix has successfully helped them meet their web security needs.
OWASP Top 10 2017
NIST SP800 53 Acunetix
Use Cases- Web Application Security
Use Cases- Vulnerability Management Software
How to prevent Cross-site Scripting
How to prevent SQL Injection
How to prevent Reflected XSS
Concerned about WordPress Security?
Web Service Security – The Technology and its Concerns
How to prevent SQL Injection (SQLi) ?
How to prevent Directory Traversal Attacks ?
Competitive Analysis – Acunetix vs Qualys
Competitive Analysis – Acunetix vs Nessus
Executive Summary All vulnerabilities
HIPAA All vulnerabilities
Acunetix Technical Presentation and Support Videos
LOGON is a pan-asian company operating in India, Bangladesh, Sri Lanka, Hong Kong, Macau, China, Singapore, Malaysia, Indonesia, Vietnam, Philippines, Nepal, Maldives, Cambodia and Thailand. LOGON has local dedicated trained product specialists in Hong Kong, Guangzhou, Kuala Lumpur, Mumbai and Bangalore. LOGON acts both as value added reseller and sole distributor for award winning software solutions. Customers can buy new licenses, purchase upgrades and renewals from any of our local offices. Contact us for first line support during evaluations, PoCs. We offer best practices consulting services and classroom online training. Check our site for latest offers, special discounts, bundle deals, etc..
LOGON works with corporate clients and systems integrators by offering Vulnerability Management that offer continuous monitoring, vector analytics and modeling, integration with Software Development Life Cycle, Threat intelligence platforms and deliver Graphical attack modeling and compliance reporting. LOGON offers products from Acunetix, NetSparker, Flexera / Secunia etc. Other security solutions include Veracode, Whitehat, OPSWAT, Tenable, QUALYS, etc.. These solutions offer both Static Analysis (SAST) and Dynamic Analysis (DAST) that help Penetration Testers test Vulnerability Remediation, Cyber Exposure needs and Risk Assessment.