Acunetix checks for all web vulnerabilities including SQL injection, Cross site scripting and others. SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser.
Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with the scanner launches SQL injection, Cross Site scripting and other attacks. Acunetix has a state of the art vulnerability detection engine which quickly finds vulnerabilities with a low number of false positives. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion and Authentication vulnerabilities.
Scan AJAX and Web 2.0 technologies for vulnerabilities
Detailed reports enable you to meet Legal and Regulatory Compliance
Acunetix Web vulnerability scanner includes an extensive reporting module which can generate reports that show whether your web applications meet the new VISA PCI Data Compliance requirements.
Analyzes your site against the Google Hacking Database
The Google Hacking Database (GHDB) is a database of queries used by hackers to identify sensitive data on your website such as portal logon pages, logs with network security information, and so on. Acunetix launches the Google hacking database queries onto the crawled content of your web site and identifies sensitive data or exploitable targets before a “search engine hacker” does.
Advanced penetration testing tools included
In addition to its automated scanning engine, Acunetix includes advanced tools to allow penetration testers to fine tune web application security checks:
• HTTP Editor – With this tool you can easily construct HTTP/HTTPS requests and analyze the web server response.
• HTTP Sniffer – Intercept, log and modify all HTTP/HTTPS traffic and reveal all data sent by a web application
• HTTP Fuzzer – Performs sophisticated testing for buffer overflows and input validation. Test thousands of input variables with the easy to use rule builder of the HTTP fuzzer. Tests that would have taken days to perform manually can now be done in minutes.
• Create custom attacks or modify existing ones with the Web Vulnerability Editor
Test password protected areas and web forms with Automatic HTML form filler
Acunetix Web Vulnerability Scanner is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test these pages. Not so with Acunetix: Using the macro recording tool you can record a logon or form filling process and store the sequence. The scanner can then replay this sequence during the scan process and fill in web forms automatically or logon to password protected areas.