With traditional web application security testing (black-box testing), there is no visibility into how code behaves during execution. When doing source code analysis, it is also often difficult to understand what happens when the code is actually executed. A combination of black-box and white-box testing enhances the detection rate of a scan, enables easier remediation, and guarantees effective web application security.
Interactive Security Testing with AcuSensor
The unique Acunetix AcuSensor Technology for .NET, PHP, and Java enhances a regular dynamic scan through the deployment of sensors inside the source code. During execution, AcuSensor relays what the sensors observe back to the scanner.
- Server-side component that enables the scanner to run a gray-box (IAST) scan
- Inspects the source code of a web application while it is executing
- Also crawls the application from the back end, providing 100% crawl coverage
- Finds and tests hidden inputs that are not discovered during a black-box scan
Line of Code Visibility
AcuSensor indicates the vulnerable line of code for several high-severity vulnerabilities and reports additional debug information. This greatly increases remediation efficiency and makes the developer’s task of fixing the vulnerabilities easier.
- Indicates vulnerable line of code
- Shows SQL queries for SQL Injection vulnerabilities
- Enables quicker remediation
- Pinpoints what needs to be fixed and where
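The mechanism described above (a sensor inside the application that sees each SQL statement as it is built and can name the source line that issued it) can be sketched in a few dozen lines. The following is an added, self-contained illustration of how such a sensor works in principle; it is not AcuSensor's code and makes no claim about how the Acunetix product is implemented. The marker value `ACUX_MARK_7f3a`, the `Sensor` and `InstrumentedConnection` classes, and the two `lookup_user_*` functions are all constructed for the example: the scanner sends the marker as the value of every input, and the sensor flags any statement whose text contains it, which means the input was concatenated into the query rather than bound as a parameter.

```python
import inspect
import sqlite3
from dataclasses import dataclass

# Constructed marker: a gray-box scanner submits this as the value of every
# input so the sensor can recognise it if it reappears inside a SQL statement.
SCAN_MARKER = "ACUX_MARK_7f3a"


@dataclass
class Finding:
    sql: str        # the full statement, as a scan report would show it
    file: str       # source file that issued the query
    line: int       # vulnerable line of code
    function: str   # enclosing function name


class Sensor:
    """Collects every statement seen and the subset that looks injectable."""

    def __init__(self):
        self.queries = []    # (sql, file, line) for every execute() call
        self.findings = []   # Finding objects where the marker reached the SQL text

    def observe(self, sql):
        # stack()[0] is observe(), [1] is InstrumentedConnection.execute(),
        # [2] is the application code that built and ran the query.
        frame = inspect.stack()[2]
        self.queries.append((sql, frame.filename, frame.lineno))
        if SCAN_MARKER in sql:
            self.findings.append(Finding(sql, frame.filename, frame.lineno, frame.function))


class InstrumentedConnection:
    """Thin wrapper around a sqlite3 connection; it stands in for a sensor
    hooked into the database driver of a real application."""

    def __init__(self, conn, sensor):
        self._conn = conn
        self._sensor = sensor

    def execute(self, sql, params=()):
        self._sensor.observe(sql)
        return self._conn.execute(sql, params)


# --- the "application under test" (constructed for the example) -----------

def lookup_user_unsafe(db, name):
    # Untrusted value concatenated into the statement: the marker lands in the SQL text.
    return db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()


def lookup_user_safe(db, name):
    # Parameterised: the marker travels as a bound value and never enters the SQL text.
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()


def run_scan():
    """Simulate one gray-box scan: exercise both endpoints with the marker and
    return the sensor so its findings can be inspected."""
    raw = sqlite3.connect(":memory:")
    raw.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    raw.execute("INSERT INTO users VALUES (1, 'alice')")
    sensor = Sensor()
    db = InstrumentedConnection(raw, sensor)
    lookup_user_unsafe(db, SCAN_MARKER)
    lookup_user_safe(db, SCAN_MARKER)
    return sensor


if __name__ == "__main__":
    for f in run_scan().findings:
        # Report in the form "file:line in function(): statement"
        print(f"{f.file}:{f.line} in {f.function}(): {f.sql}")
```

Running the script reports exactly one finding, pointing at the concatenation line inside `lookup_user_unsafe` and quoting the statement with the marker embedded, while the parameterised query is recorded but not flagged. A black-box scanner sees only the HTTP response for both endpoints; the sensor is what turns "the input seems to affect the response" into "this line builds this query from that input".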
| Vulnerability | Detection rate / False positive rate |
| --- | --- |
| SQL Injection | 100% / 0% FP |
| XSS (Reflected) | 100% / 0% FP |
Lowest False Positive Rates
If a detected vulnerability turns out not to exist, it is a nightmare to deal with. False positives reduce confidence in automated security testing and waste the time that developers spend trying to find and fix vulnerabilities.
- Acunetix has the lowest false positive and false negative rates in the industry
- It automatically verifies several high-severity vulnerabilities
- Accurate scan results reduce the need to manually confirm detected vulnerabilities
I was especially impressed with Acunetix since it performed a remarkably detailed and capable scan with very little effort. Reporting is comprehensive, absent of too many false positives, and produces neat and understandable reports. The layout is intuitive enough to start basic testing and yet the product is wildly powerful, leaving you room to do so much more.