Holistic and accurate vulnerability detection lies in the ability to detect anything from the most obvious to the most obscure of vulnerabilities. Acunetix is the industry leader in vulnerability detection and detects the largest variety of SQL Injection and XSS vulnerabilities including Out-of-band SQL Injection and DOM-based XSS as well as 3000 other web vulnerabilities.
In-Depth SQL Injection and XSS Vulnerability Testing
Acunetix rigorously tests for thousands of web application vulnerabilities including SQL Injection and XSS. However, when it comes to Dynamic Application Security Testing (DAST), while the number of tests a scanner can run is important, it is secondary to how well it can crawl and scan an application. Acunetix DeepScan technology:- Crawls and scans HTML5 web applications and executes JavaScript like a real browser
- Features the highest detection rate for high severity vulnerabilities in the industry
- Reliably detects advanced DOM-based Cross-site Scripting.
Advanced Automated DOM-Based XSS Vulnerability Testing
DOM-based XSS is possible if the client-side scripts of the web application write user-provided data to the Document Object Model (DOM). The data is subsequently read from the DOM by the web application and outputted to the browser. If the data is incorrectly handled, an attacker can inject a payload, which will be stored as part of the DOM and executed when the data is read back from the DOM. This advanced type of XSS is very difficult to detect.- Acunetix scans for a wide range of advanced DOM-based XSS vulnerabilities
- It reports the DOM-based XSS source and the sink
- It provides a stack trace of the injected DOM-based XSS payload.
Detection of Blind XSS, XXE, SSRF, and Email Header Injection
Traditional methods of detecting vulnerabilities fall short when attempting to detect out-of-band vulnerabilities, that is vulnerabilities that do not provide a response to a scanner during testing. Detection of out-of-band vulnerabilities requires an intermediary service such as Acunetix AcuMonitor that checks for:- Blind XSS and XML External Entity Injection (XXE)
- Server Side Request Forgery (SSRF) and Host Header Attacks
- Email Header Injection and Password Reset Poisoning.
Recommended reading
Learn more about prominent vulnerabilities, keep up with recent product updates, and catch the latest news from Acunetix.
“We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.”
Kurt Zanzi, Xerox CA-MMIS Information Securtiy Office, Xerox