“The biggest benefit of using Acunetix WVS is the amount of vulnerabilities Acunetix WVS reports. It is amazing.”
Laurent Desaulniers, Student and member of Team Random
The need for an automated security auditing tool
Once a year, the IS Competition is held at the Crystal Ball Conference, where a number of web security students team up, and scan each other’s web applications, to report vulnerabilities on each other’s servers. The scope of this competition is to raise web security awareness.
With the help of Acunetix WVS, Team Random from the Ecole de technologie superieure, focused on finding the highest number of vulnerabilities on competitors’ web applications, and they managed!
The technical committee supervising the competition included people from Cisco, CERT, ISIQ, GoSecure Inc, Check Point Software Technologies and from other renowned companies from the Internet Security area.
The Competition
Team Random, a team of 6 students from Canada who strive to apply theoretical knowledge to practical ends, scanned over 50 competitors’ web servers during this competition. Competitors’ servers were running both Apache and IIS as web server software, and custom web applications built from web security students using php, perl, ruby, asp, aspx and also Java platforms.
Team Random used several web vulnerability scanners during the competition, but Acunetix WVS was the scanner of choice. Once they won the competition, the team said “none of the other scanners worked as well as Acunetix”, while another student known as S P A C E B A R stated “I don’t have a clue how Acunetix does it, but it works, it works amazingly well!!”
Team Random also noticed that Acunetix WVS is a very easy to use web vulnerability scanner. As a matter of fact, the students used Acunetix WVS only two weeks before the competition took place, and by the time the competition was on, they had already mastered the scanner.
“Acunetix was not only flexible, but it found many XSS in many custom built applications” stated another member of Team Random.
All product and company names herein may be trademarks of their respective owners.
June 2009