- SQL Injection, including Blind SQL Injection
- Cross-site Scripting (XSS), including advanced DOM-based XSS
- Server-side Request Forgery (SSRF) and host header attacks
Check Your Website for Threats from Libraries and Other Components
Your website security can also be threatened by vulnerabilities in open-source libraries and frameworks. Acunetix looks for vulnerabilities in both your own and third-party code such as:
- Known risks in WordPress core, themes, and plugins
- URLs linked to phishing and website malware
- Vulnerabilities in RESTful and SOAP APIs whether they’re using JSON or XML
- Acunetix Premium uses the OpenVAS scanner to find external network vulnerabilities like open ports and server misconfigurations.
Create a Plan to Audit Your Website
With so many potential website security vulnerabilities, it’s important to have a plan to make sure your vulnerability management efforts are effective. You don’t want to become aware of a hacked website when it is too late. Use the Acunetix online website vulnerability scanner to make it easy and effective to comprehensively scan your website:
- Get one of the industry’s highest vulnerability detection rates with the fewest false positives, plus proof of exploit, so you don’t waste time chasing non-existent problems and can focus on closing real security holes
- Check test results in comprehensive scan reports that identify issues (tracking down to the line of code causing them when using AcuSensor)
- Integrate Acunetix with Atlassian Jira, GitHub, GitLab, Bugzilla, Microsoft TFS, Mantis, and other bug tracking tools to make it easy to manage remediation
- Use comparison reports to verify that web vulnerabilities have been properly corrected
Frequently asked questions
If you design your own websites and you do not scan them, they almost certainly have web vulnerabilities. Even if you use third-party software such as WordPress, there is a big chance that your websites are not secure. Such vulnerabilities may lead to data breaches and/or loss of reputation.
If a web vulnerability scanner misses important vulnerabilities or reports nonexistent ones, you cannot trust it. Choose a vulnerability scanner that can prove that vulnerabilities really exist (Acunetix can do that), one that has been on the market for a long time (Acunetix is the industry pioneer), and one that is made by experts (Acunetix fully focuses on web security).
In the case of most products, including Acunetix, there is no difference in the functionality of on-premise and online versions. The good thing about online (cloud) scanners is that they don’t consume your resources. However, you cannot use an online scanner to scan your local company resources unless you make them accessible via the Internet.
Web vulnerabilities are considered much more problematic than network vulnerabilities. Most network vulnerabilities can be fixed by upgrading products or closing ports. Most web vulnerabilities require your own developers to fix the code. Also, most business resources are currently in the cloud, and companies don’t have that many network resources of their own to protect.
“We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.”
Kurt Zanzi, Xerox CA-MMIS Information Security Office, Xerox