PHP security vulnerabilities are a major cause for concern when it comes to web applications written in the PHP language since successful exploitation of such security flaws may lead to several commonly exploited attacks.
Many vulnerabilities are usually not difficult to fix, but finding them in large codebases could be challenging without the right tools. Acunetix is a web application vulnerability scanner that automatically tests web applications for SQL Injection, Cross-site Scripting (XSS), Local File Inclusion, LDAP injection and a plethora of other security issues.
Beyond Low Hanging Fruit
The Acunetix web application security scanner can scan for a myriad of security vulnerabilities and goes well beyond basic security tests may other scanners typically perform, all while keeping false positives to an absolute minimum.
Beyond all of this, Acunetix can also detect known vulnerabilities in PHP scripts and other open-source projects such as vulnerable WordPress plugins.
Runtime PHP Source Code Analysis
In addition to being a fully automated black-box scanner (uses HTTP without any access to the PHP code), Acunetix also provides AcuSensor as part of its standard offering. AcuSensor is a an optional sensor for PHP applications (also available for Java and ASP.NET) that can easily be deployed on the application webserver backend to analyze the source code while it is in execution by the scanner.
This type of testing is known as gray-box testing since it combines the best of both worlds from black-box testing and white-box (static source code analysis) testing. When testing for file inclusion vulnerabilities, Acunetix AcuSensor increases the accuracy of a scan since it has access to the code at the back end. With AcuSensor, Acunetix can also test pages that would not otherwise be discovered via crawling thanks to AcuSensor’s back-end crawl technology.
Simple Reporting and Issue Tracker Integration
Another issue that Acunetix solves over some other scanning tools is the ability to instantly generate a wide variety of technical, regulatory, and compliance reports such as PCI DSS, HIPAA, OWASP Top 10, and many others.
Additionally, Acunetix allows users to export discovered vulnerabilities to issue trackers such as Atlassian Jira, GitHub, GitLab, Bugzilla, Mantis, and Microsoft Team Foundation Server (TFS). Additionally, if you use Jenkins as your continuous integration tool, Acunetix can even directly integrate with it.
Learn more about prominent vulnerabilities, keep up with recent product updates, and catch the latest news from Acunetix.
"We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production."Kurt Zanzi, Xerox CA-MMIS Information Securtiy Office, Xerox