An important update has just been rolled out to Acunetix Online Vulnerability Scanner (OVS), which includes 2 features unique to Acunetix: AcuSensor and AcuMonitor. Both technologies have been used successfully in Acunetix WVS to enhance scan results by improving vulnerability detection, detecting hard-to-find vulnerabilities such as Blind XSS, reducing false positives, and providing additional information that helps developers address the vulnerabilities detected.
Acunetix OVS now features the unique AcuSensor Technology, which analyzes code on the server at the precise moment it is executed. This results in a higher vulnerability detection rate and, importantly, fewer false positives. Through the use of AcuSensor, Acunetix OVS is also able to indicate the exact location of the vulnerability within the code and to report debug information. This increased accuracy is achieved by combining black box scanning techniques with feedback from sensors placed inside the source code while it is executed. Black box scanning alone cannot interpret how the application reacts, while source code analyzers do not understand how the application will behave while it is being attacked. Combining these techniques therefore achieves far more relevant results than using source code analyzers or black box scanning independently. AcuSensor not only finds more vulnerabilities than conventional scanners (including all kinds of SQL injection and XSS vulnerabilities), but also saves valuable time for security and development teams.
AcuMonitor Technology is used to detect specific types of vulnerabilities that cannot be detected without the use of an intermediary server. Traditional crawling and scanning techniques implemented by automated web vulnerability scanners on the market today are ill-suited to detecting vulnerabilities such as Blind XSS, Server Side Request Forgery (SSRF), XXE, Email Header Injection and Host Header based attacks. These web vulnerabilities are used to launch an attack from your web application against other servers, to distribute spam through your web application, or to inject code that may be executed some time later, possibly within a connected web application, and they therefore cannot be detected at the time of the scan. These vulnerabilities can only be detected or verified using a service such as AcuMonitor, which interacts with the scanner and reports such vulnerabilities during and after the scan.
All existing customers and trial accounts can already benefit from the update. Download your AcuSensor from your Scan Target’s configuration, and follow the instructions in the Getting Started Guide to install it in your web application before launching your next scan. Vulnerabilities detected by AcuMonitor will be automatically included in the scan results. You will be notified by email when vulnerabilities are detected after the scan has finished.