The Virginia Information Technologies Agency (VITA) announced that it cut the number of high-risk vulnerabilities affecting its web applications by 30 percent in one year by implementing a vulnerability-scanning program that includes the use of Acunetix.
VITA’s Web Application Vulnerability Scanning Program, implemented in 2016, uses Acunetix to check more than 1,600 public-facing web applications and another couple thousand internal ones at more than 67 state agencies every quarter. It has been used to identify more than 600 web application vulnerabilities, including the OWASP top 10 risks and configuration errors. After agencies address any vulnerabilities, VITA re-scans the systems. High-risk vulnerabilities, such as SQL injections, must be fixed quickly, while medium-risk ones, such as a brute force-style attack or encryption problems, have a longer deadline.
The program does more than identify and test vulnerabilities. VITA also offers services to agencies to help them understand and fix the problems. That’s because many agencies lack the in-house expertise to address the issues.
Click here for more information.