Acunetix includes advanced tools that let penetration testers take web security testing further. It integrates with external tools and provides tools that aid in testing the business logic of web applications.
Take Automated Scanning Further
The manual penetration testing tools, available to download for free, allow veteran testers as well as up-and-coming security researchers to manually test web applications for logical flaws.
- Intercept, log and modify HTTP traffic on the fly.
- Fuzz test validation and handling of invalid or random data.
- Export Blind SQL Injection vulnerabilities and perform automated database data extractions.
- Import manual crawl data from Acunetix HTTP Editor, Telerik Fiddler, PortSwigger Burp Suite and HAR (HTTP Archive) files.
Automatic Web Application Firewall (WAF) configuration
Acunetix integrates with popular WAFs to automatically create the appropriate Web Application Firewall rules to protect web applications against attacks targeting vulnerabilities that the scanner finds. This allows you to temporarily prevent exploitation of high-severity vulnerabilities until you are able to fix them. Acunetix integrates with:
- Imperva SecureSphere.
- F5 BIG-IP Application Security Manager.
- FortiWeb WAF.
Integration and Extensibility
Acunetix features a powerful RESTful Application Programming Interface (REST API). The REST API allows access and management of Scan Targets, Scans, Vulnerabilities, Reports and other resources within Acunetix in a simple, programmatic manner using conventional HTTP requests.
- Intuitive and powerful API endpoints.
- Easily retrieve results and execute actions.
- Seamlessly integrate Acunetix into complex, custom workflows and processes.
We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.