New version 5 of Acunetix Web Vulnerability Scanner ensures companies meet PCI compliancy
London, UK – June 11, 2007 – The PCI Compliancy Standard requires any company that has a website and does business online, to ensure their web site and web applications are secure. Penalties for noncompliance range from fines of up to $500,000, to increased auditing requirements or even losing the ability to process credit card transactions. Acunetix today announced the release of Acunetix Web Vulnerability Scanner which includes an extensive compliancy reporting tool amongst others, to aid companies achieve PCI compliancy.
“PCI compliance, required by September 2007, is not just another bureaucratic standard to comply to. It’s a standard to protect consumers and the future of online business, based on real world needs. To avoid similar cases such as TJX happening again, it is imperative that companies take all the necessary precautions to ensure they reach compliancy,” announced Nick Galea, CEO Acunetix. “Acunetix WVS v5 will check your web site and alert you to any issues you need to fix. Once fixed, it will create a detailed report which will allow you to easily prove that you meet these particular PCI standards.”
Acunetix WVS v.5 helps meet the following PCI requirements:
- (Requirement 2.2.4) Remove all unnecessary functionality
- (Requirement 2.3) Encrypt all non-console administrative access
- (Requirement 4) Encrypt transmission of cardholder data across open, public networks
- (Requirement 6) Develop and maintain secure systems and applications
- (Requirement 6.5.1) Unvalidated Input
- (Requirement 6.5.2) Broken Access Control
- (Requirement 6.5.3) Broken Authentication and Session Management
- (Requirement 6.5.4) Cross Site Scripting (XSS) Flaws
- (Requirement 6.5.5) Buffer Overflows
- (Requirement 6.5.6) Injection Flaws
- (Requirement 6.5.7) Improper Error Handling
- (Requirement 6.5.8) Insecure Storage
- (Requirement 6.5.9) Denial of Service
- (Requirement 6.5.10) Insecure Configuration Management
A PCI Compliance Guide is available at: http://www.acunetix.com/websitesecurity/PCI-Compliance.pdf
Other important new features:
The Acunetix Reporter is a separate application which provides centralized control over all reporting and documentation needs. The Reporter allows single-click reporting capability and features multiple reporting formats such as vulnerability and developer reports, compliance (including The Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Sarbanes Oxley Act of 2002, Web Application Security Consortium: Threat Classification), comparison, and also statistical reports. The Reporter allows reports to be exported as PDF, RTF, HTML, BMP, and PRN formats.
Web Services Scanner
Many organizations are implementing the Web Services architecture to increase the availability of information and to improve process executions of the internet. Web Services, like any other internet-dependent system, presents new exploit possibilities and increases the need for security audits. The Web Services Scanner performs automated vulnerability scans for Web Services and generates detailed security reports from the results.
Web Services Editor
Allows the importing of an online or local WSDL and the sending of custom operation inputs over the ServiceSOAP ports. Also includes in depth analysis of the WSDL structure, containing parameters in the XML schema and the various operations over the SOAP service ports.
Automatically scans a top-level domain to locate any subdomains configured in its hierarchy by using the target domain’s DNS server, or by specifying one manually. Any subdomains discovered can be scanned for vulnerabilities from within the tool itself, or imported directly into the HTTP Editor for further analysis through custom requests.
Pricing and availability
Acunetix VWS is available in three versions: Small Business Version (scans 1 nominated website), Enterprise Version (scans unlimited websites) and Consultant version (scans unlimited third party websites). Pricing starts at $1995 for a perpetual Small Business license and $5995 for a perpetual Enterprise license.
About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. Acunetix also crawls and analyzes websites including flash content, SOAP and AJAX. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist.
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: http://www.acunetix.com.