Acunetix’s unique AcuSensor Technology enhances a regular dynamic scan through an Interactive Application Security Testing (IAST) deployment of sensors inside the source code. AcuSensor will then relay feedback to the scanner during the source code’s execution. In web application security testing, the combination of black-box and white-box testing (commonly referred to as gray-box testing) further enhances the scanner’s detection rate.

Acunetix achieves top scores in SQLi, XSS and hidden file detection benchmarks.
Source – SecTools Addict Benchmark

Interactive Security Testing with AcuSensor

Traditional web application security testing (black-box testing) does not see how code behaves during execution, and source code analysis does not always understand what happens when code is executing. AcuSensor marries these two methodologies and is able to achieve a significantly higher detection rate of vulnerabilities. Typically, SQL injection vulnerabilities can only be found if database errors are reported, or through ‘blind’ techniques. With AcuSensor, SQL injection vulnerabilities can be detected in all SQL queries, including INSERT statements.
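To illustrate why an in-application sensor can flag an injectable INSERT that a black-box scan misses, here is an added sketch (not Acunetix code and not a description of how AcuSensor is implemented). The `SensorConnection` wrapper, the handlers, the probe value and the `comments` table are all hypothetical and constructed for the example.

```python
import sqlite3

PROBE = "acx'probe"  # constructed scanner input containing a single quote


class SensorConnection:
    """Hypothetical in-app sensor: inspects each SQL string before it runs."""

    def __init__(self, conn):
        self.conn = conn
        self.findings = []

    def execute(self, sql, params=()):
        # If the probe shows up in the SQL text itself, the input was
        # concatenated into the statement instead of bound as a parameter.
        if PROBE in sql:
            self.findings.append(sql)
        return self.conn.execute(sql, params)


def save_comment_vulnerable(db, text):
    try:
        db.execute("INSERT INTO comments(body) VALUES ('" + text + "')")
    except sqlite3.Error:
        pass  # error is swallowed, so nothing leaks to the HTTP response
    return "Thanks for your comment"


def save_comment_fixed(db, text):
    db.execute("INSERT INTO comments(body) VALUES (?)", (text,))
    return "Thanks for your comment"


def scan(handler):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments(body TEXT)")
    db = SensorConnection(conn)
    baseline = handler(db, "hello")
    probed = handler(db, PROBE)
    # Black-box view: only the responses. Sensor view: the executed SQL.
    return {"response_differs": baseline != probed,
            "sensor_findings": list(db.findings)}


if __name__ == "__main__":
    print(scan(save_comment_vulnerable))
    print(scan(save_comment_fixed))
```

Both handlers return an identical response for the probe, so the response alone gives the scanner nothing to go on; only the sensor's record of the executed statement separates the concatenated query from the parameterized one.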

Pinpoints Exact Location of Vulnerabilities

AcuSensor technology can indicate the line of code where the vulnerability lies and report additional debug information. This greatly increases remediation efficiency and makes the developer’s task of fixing the vulnerabilities easier.

Back-end File Crawling

AcuSensor can run a back-end crawl, presenting all files accessible through the web server to the scanner, even if these files are not linked through the front-end application. This ensures 100% coverage of the application, and alerts users to any backdoor files that might have been maliciously uploaded by an attacker.

Lowest False Positive Rates

Detections of nonexistent vulnerabilities are a nightmare to deal with. False positives reduce confidence in the scanner and waste the time of pen-testers and developers alike in trying to find and fix vulnerabilities. Acunetix excels with the lowest false positive rate in the industry, saving valuable time for your security and development teams.

AcuSensor Technology can automatically verify vulnerabilities found through black-box scanning techniques by performing additional tests during the execution of the application’s source code. This allows an Acunetix scan to give a near-0% false positive rate when AcuSensor is used.

Category Accuracy
SQL Injection 100% / 0% FP
XSS (Reflected) 100% / 0% FP

Source – WAVSEP Web Application Scanner Benchmark 2016

