Defending against attacks on your website is critical to keeping users and your business safe. Firewalls and TLS/SSL don’t protect your site from threats carried in normal HTTP traffic. Protecting websites against these threats requires using testing tools to scan the site for vulnerabilities.
Find the latest vulnerabilities with minimum false positives
The most basic requirement for a security scanning tool is to find known vulnerabilities reliably. While many tech teams look for open source software first, there are few good open source choices for vulnerability scanning. For effective vulnerability scanning, look to a commercially supported product. Acunetix uses advanced DeepScan technology to crawl HTML5-based web pages, AcuMonitor to detect out-of-band threats you can only find using an intermediary server, and AcuSensor Technology to guarantee low false positives. With Acunetix and these technologies, you find the security vulnerabilities that matter:
- Detect more than 4500 web application vulnerabilities
- Detect advanced Cross-site Scripting threats, including DOM-based XSS and Blind XSS
- Detect advanced SQL injection threats, including out-of-band SQL injection (OOB SQLi)
- Detect XML External Entity Injection (XXE)
- Detect Server Side Request Forgery (SSRF).
Go beyond scanning web pages for bugs
- Use Acunetix AcuSensor to automatically run gray-box scans on your web applications via lightweight sensors inside Java, ASP.NET or PHP server-side applications
- Make security testing for vulnerabilities in password-protected pages easier with the Acunetix Login Sequence Recorder that handles CAPTCHA and multifactor authentication
- Search for known vulnerabilities in WordPress, Drupal and Joomla! installations, including themes and plugins as well as core code
- Scan for 50,000 network vulnerabilities and misconfigurations with OpenVAS security scanner, integrated within Acunetix Online.
Don’t just find vulnerabilities, fix them
Most organizations looking to adopt open source web vulnerability scanning tools would need to invest a lot of time and energy in building the supporting infrastructure for turning vulnerability alerts into actionable insights. Acunetix gives you the information you need to manage and fix vulnerabilities as soon as they occur.
- Get vulnerability details down to the line of code, indicating exactly where the problem lies, along with debug information to help developers correct the issue
- Acunetix seamlessly integrates with bug trackers like Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS)
- Managers get vulnerability reporting that helps track and prioritize the work
- Reports compare results between scans to confirm that issues are corrected
- Generate compliance reports to satisfy industry standards like HIPAA and PCI DSS.
We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.