Traditional web application security testing (black-box testing) will not see how code behaves during execution, and source code analysis will not always understand what happens when code is in execution. A combination of black-box and white-box testing enhances a scan’s detection rate, whilst enabling easier remediation and guaranteeing effective web application security.
Interactive Security Testing with AcuSensor
Acunetix’s unique AcuSensor Technology for .NET, PHP and JAVA enhances a regular dynamic scan through the deployment of sensors inside the source code. AcuSensor then relays the feedback to the scanner during the source code’s execution.
- Server-side component that enables the scanner to run a gray-box (IAST) scan.
- Inspects the source code of a web application whilst it is in execution.
- Crawls the application also on the back-end providing 100% crawl coverage.
- Find and test hidden inputs not discoverable during a black-box scan
Line of Code Visibility
AcuSensor indicates the vulnerable line of code for several high-severity vulnerabilities and reports additional debug information, This greatly increases remediation efficiency and makes the developer’s task of fixing the vulnerabilities easier.
- Indicates vulnerable line of code.
- Shows SQL queries for SQL Injection vulnerabilities.
- Enables quicker remediation.
- Pinpoints what needs to be fixed and where.
|SQL Injection||100% / 0% FP||
|XSS (Reflected)||100% / 0% FP||
Lowest False Positive Rates
Detection of inexistent vulnerabilities are a nightmare to deal with. False positives reduce confidence in automated security testing and waste the developers’ time trying to find and fix vulnerabilities.
- Acunetix drives the industry’s lowest false positive and false negative rates even lower.
- Automatically verifies several high-severity vulnerabilities.
- Accurate scan results reduce the need to manually confirm detected vulnerabilities.
I was especially impressed with Acunetix since it performed a remarkably detailed and capable scan with very little effort. Reporting is comprehensive, absent of too many false positives, and produces neat and understandable reports. The layout is intuitive enough to start basic testing and yet the product is wildly powerful, leaving you room to do so much more.