Acunetix combats rise in web attacks with Acunetix Web Vulnerability Scanner 2
21 July 2005 – Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.
Securing your website should be your number one concern
Hackers are concentrating their efforts on web-based applications – 75% of cyber attacks are done at the web application level, a Gartner Group study has revealed. Web applications are accessible 24 hours a day, 7 days a week and control valuable data such as customer information, transaction information and even proprietary corporate data.
500,000 customer credit card numbers obtained via a web attack
Well-known sites that were open to web application attacks include fashion label Guess and pet supply retailer PetCo.com who were notoriously found to be vulnerable to the SQL injection vulnerability (June 2003). This resulted in PetCo leaving as many as 500,000 credit card numbers open to anyone able to construct this specially-crafted URL.
Firewalls, SSL and locked-down servers are futile against web application hacking
Any defense at network security level will provide no protection against web application attacks since they are launched on port 80 – which has to remain open. In addition, web applications (customer areas, shopping carts etc.) are often tailor-made, invariably tested less than off-the-shelf software and are therefore more susceptible to attack.
“Companies have implemented network-level security, however they fail to audit and secure their web applications. These applications have access to sensitive data and are a hacker’s prime target,” said Nick Galea, CEO of Acunetix. “Auditing one’s web apps should be the number one security concern.”
The need for an automated web application vulnerability scanner
Manually auditing a web application for vulnerabilities to SQL injection, cross site scripting and other web attacks is virtually impossible. With Acunetix Web Vulnerability Scanner the process of auditing web applications such as shopping carts and forms, can be easily automated. What’s more, the security checks can easily be re-launched for each application update.
How Acunetix Web Vulnerability Scanner works
Acunetix WVS first crawls the whole website, analyzes in-depth each file it finds, and displays the entire website structure. After this discovery stage, it performs an automatic audit for common security vulnerabilities.
Automatically detects SQL injection, cross site scripting and other web vulnerabilities
SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitors’ browser. Acunetix Web Vulnerability Scanner can check if your web application is vulnerable to both of these attacks. More information about cross site scripting & SQL injection at our website security info page.
Acunetix Web Vulnerability Scanner also checks for the following web attacks:
- CRLF injection attacks
- Code execution attacks
- Directory traversal attacks
- File inclusion attacks
- Input validation attacks
- Authentication attacks.
Advanced penetration testing tools
Acunetix WVS also includes tools such as an HTTP editor & HTTP sniffer to allow customization of web vulnerability checks. Using the Vulnerability editor, new attacks can easily be created.
Pricing & availability
Acunetix WVS is available as an enterprise or as a consultant version. A subscription based license can be purchased for as little as $395, whereas a perpetual license starts at $2995. For more information visit our pricing page.
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta) with its New York US office scheduled to open in Q3 of 2005.
Get the latest content on web security
in your inbox each week.