Microsoft Internet Information Services (IIS) server is one of the most popular web servers on the internet. It's frequently used to serve ASP.NET web applications with Microsoft SQL Server backends running on Windows operating systems. Like any other software stack, the IIS web server has its own security issues and attack surface, especially if you're running legacy IIS servers (particularly IIS 6 and IIS 7).
Aside from basics such as applying the latest security patches or modifying your webconfig.xml to prevent the server from disclosing its IIS version, a lot of focus should be given to the security of the web applications served by that web server. The easiest way to get started is to run an automated scan for security holes.
This is where Acunetix fits in. Acunetix is a web application security tool which automatically performs a vulnerability assessment of a website or web application together with any server misconfigurations. Acunetix allows you to run security checks for thousands of vulnerabilities quickly and accurately on a regular basis.
Wide technology coverage
While some attacks may be detectable by server security software such as Intrusion Detection Systems (IDS) and Web Application Firewalls (WAF), these technologies are not able to stop client-side attacks such as DOM-based Cross-site Scripting (DOM XSS). Thanks to its DeepScan technology.
Unrivalled speed and accuracy
Web application security scans are typically known for being slow. Acunetix is set to change that. With a blazing fast crawler and scanner, it is by far the fastest web application security scanner on the market, allowing you to perform automated security testing across a large number of applications concurrently.
Acunetix also provides AcuSensor, an optional sensor for ASP.NET, PHP and Java applications that is deployed on the server side to further increase accuracy during scans and even inspect calls to and from the web application to the database server.
Beyond vulnerability scanning
Another problem that Acunetix solves, and where many other vulnerability scanners fall short, is producing great reports. Acunetix can instantly generate a wide variety of technical, regulatory and compliance reports such as PCI DSS, HIPAA, OWASP Top 10 and many others. Additionally, Acunetix allows users to export discovered vulnerabilities to issue trackers such as Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS).
We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.