Blind SQL Injection (Blind SQLi) vulnerabilities are a class of SQL Injection vulnerabilities, which can be leveraged by an attacker to exfiltrate data out of a database server (MySQL, MSSQL, Oracle, etc.).
Blind SQL Injection attacks, while slightly harder for an attacker to pull off, expose the exact same threats that error-based and UNION-based SQL Injections do. Blind SQL Injection vulnerabilities may in some cases even lead to remote code execution (RCE). Once an attacker gains the ability to execute arbitrary code on an application, it’s much easier for that attacker to escalate their attack and do more damage, for example by “pivoting” to other hosts on the internal network in order to steal sensitive data.
Acunetix is a web security scanner designed to be lightning-fast and dead-simple to use while providing all the necessary features to manage and track vulnerabilities from discovery to resolution.
Beyond Low-Hanging Fruit
Runtime Source Code Analysis
In addition to being a fully automated black box (no knowledge of back end code) vulnerability scanner, Acunetix also provides AcuSensor as part of its standard offering. AcuSensor is an optional sensor for Java, ASP.NET, and PHP applications that can easily be deployed on the application back end. Once deployed, the scanner analyses each SQL query while it is executing.
Say Goodbye to Useless Reports
Finally, another problem that Acunetix solves, which many other web vulnerability scanners sorely lack, is the ability to produce great reports. After a vulnerability scan is complete, Acunetix can instantly generate a wide variety of technical, regulatory, and compliance reports such as PCI DSS, HIPAA, OWASP Top 10, and many others. Additionally, Acunetix also allows users to export discovered vulnerabilities to issue trackers such as Atlassian JIRA, GitHub, GitLab, Mantis, Bugzilla, and Microsoft Team Foundation Server (TFS).
“We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.” Kurt Zanzi, Xerox CA-MMIS Information Security Office, Xerox