1. Introduction to Acunetix Web Vulnerability Scanner
1.1 Why You Need To Secure Your Web Applications
Website security is possibly today's most overlooked aspect of securing the
enterprise and should be a priority in any organization.
Increasingly, hackers are concentrating their efforts on web-based
applications to obtain access and to misuse sensitive data such as customer
details, credit card numbers and proprietary corporate data.
Hackers already have a wide repertoire of attacks that they regularly launch
against organizations including SQL Injection, Cross Site Scripting, Directory
Traversal Attacks, Parameter Manipulation (e.g., URL, Cookie, HTTP headers,
HTML Forms), Authentication Attacks, Directory Enumeration and other exploits.
Moreover, the hacker community is very close-knit; newly discovered web
application intrusions are posted on a number of forums and websites known
only to members of that exclusive group. Postings are updated daily and are
used to propagate and facilitate further hacking.
Web applications (shopping carts, forms, login pages, dynamic content, and
other bespoke applications) are designed to allow your website visitors to
retrieve and submit dynamic content including varying levels of personal and
sensitive data.
If these web applications are not secure, then your entire database of
sensitive information is at serious risk. A Gartner Group study reveals that
75% of cyber attacks are done at the web application level.
Why does this happen?
• Websites and related web applications must be available 24 hours a
  day, 7 days a week to provide the required service to customers,
  employees, suppliers and other stakeholders.
• Firewalls and SSL provide no protection against web application
  hacking, simply because access to the website has to be made public.
• Web applications often have direct access to backend data such as
  customer databases and, hence, control valuable data and are much
  more difficult to secure.
• Most web applications are custom-made and, therefore, involve a
  lesser degree of testing than off-the-shelf software. Consequently,
  custom applications are more susceptible to attack.
Various high-profile hacking attacks have proven that web application
security remains the most critical. If your web applications are compromised,
hackers will have complete access to your backend data even though your
firewall is configured correctly and your operating system and applications
are patched repeatedly.