As new technologies bring new security risks to light, Acunetix steps up to the challenge with the most comprehensive crawling and scanning technology in the market yet.
MALTA, 15 August 2013 — Acunetix today announced the 9th release of its award-winning Web Vulnerability Scanner, building on the experience and knowledge of several years of working with organisations across the globe securing their websites and web applications.
With as many as 70% of web sites containing exploitable web vulnerabilities potentially leading to severe business repercussions such as data theft and operational disruptions, hackers have been focusing their efforts on shopping carts, forms, login pages, dynamic content and plain-and-simple human error.
But this statistic conceals a much more worrying trend in internet security; the inability to detect new vulnerabilities resulting from the widespread adoption of more recent web application development technologies.
A case in point: HTML5
Mobility trends, the business imperative of enhanced online customer experiences, adoption by the development community and the availability of capable desktop browsers, mean that HTML5 keeps gaining more and more relevance. But this is also paving the way for new code vulnerabilities, and hackers, to find their way straight into the heart of any business’s web infrastructure.
The root of the problem, according to Mr Galea, can be traced to the superficial crawling capabilities of contemporary web application scanning tools. But the new Acunetix DeepScan is set to change all of this.
“Crawling an application with a limited understanding of the plenitude of new tags, attributes and events possible within dynamic websites is equivalent to walking blindfolded into a room full of furniture. The only way to find your way around is by hitting stuff,” continued Mr Galea. Put that within the context of a business that relies on their customer-facing website, and hitting Grandma’s sideboard takes on a whole new meaning.
And when these new features are coupled with the capabilities inherited from the previous iteration, the new Acunetix Web Vulnerability Scanner becomes an indispensable tool for anyone concerned about their website security. In fact, v9 users will still benefit from Acunetix’s proprietary AcuSensor Technology. AcuSensor combines black box scanning techniques with feedback from sensors placed inside the source code whilst the latter is being executed. This guarantees increased vulnerability detection and reduction in false positives together with the exact pinpointing of where in the source code the vulnerability is located. This facilitates much quicker remediation of the vulnerability.
Mobile Websites Support
With over 1 billion smart phones in use worldwide, mobile-friendly websites are becoming a must for every business. But at the same time, they are increasingly becoming the preferred target of web hackers as another way into the heart of the business. Using the same layout engine of choice for the default browsers in Apple iOS, Android and Blackberry to power Acunetix DeepScan, Acunetix users can automatically detect web vulnerabilities in mobile-friendly sites and web applications. The scanning wizard has also been updated to detect when a mobile-friendly site is present and gives the user the choice of whether to scan the main web site or its mobile version.
Traditional crawling and scanning techniques implemented by contemporary automated scanners are inapt at detecting Blind Cross-Site Scripting vulnerabilities, since the XSS script is not executed during the scan itself. Detection of Blind XSS vulnerabilities will however become possible with the parallel introduction of the AcuMonitor which is being made exclusively available to v9 clients.
Detection of DOM-based XSS vulnerabilities has to-date only been possible through expensive manual penetration tests. WVS v9 will drastically increase the automated detection of DOM-based XSS.
Other New Features
The introduction of AcuMonitor also makes possible the detection of several other vulnerabilities, including:
- Server Side Request Forgery (SSRF)
- XML External Entity (XXE)
- Email Header Injection
- Host Header Attacks
Download the Trial Version
If you want to give the new version of Acunetix Web Vulnerability Scanner a try, you can download a 14-day trial version.
Availability and Pricing
Acunetix WVS v9 starts at $1,445. The latest iteration, with its enhanced features and capabilities, will be available at the same prices as version 8 until the end of 2013.
It is available through Acunetix and Acunetix resellers and distributors across the globe. For more information about Acunetix WVS availability, pricing and licensing options please visit https://www.acunetix.com/ordering/.
Acunetix is a market leader in web application security technology, founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of work by a team of highly experienced security developers. Acunetix customers include the U.S. Army, U.S. Air Force, AT&T, KPMG, Telstra, Fujitsu, and Adidas.