PHP security vulnerabilities are a major cause for concern for web applications written in PHP, since successful exploitation of such flaws can lead to several commonly seen attacks.
Many vulnerabilities are not difficult to fix, but finding them in large codebases can be challenging without the right tools. Acunetix is a web application vulnerability scanner that automatically tests web applications for SQL Injection, Cross-site Scripting (XSS), Local File Inclusion, LDAP injection and a plethora of other security issues.
Beyond low hanging fruit
Acunetix’s web application security scanner can scan for a myriad of security vulnerabilities and goes well beyond the basic security tests many other scanners typically perform, all while keeping false positives to an absolute minimum.
Beyond all of this, Acunetix can also detect known vulnerabilities in PHP scripts and other open source projects such as vulnerable WordPress plugins.
Runtime PHP source code analysis
In addition to being a fully automated black box scanner (run over HTTP without any access to the PHP code), Acunetix also provides AcuSensor as part of its standard offering. AcuSensor is an optional sensor for PHP applications (also available for Java and ASP.NET) that can easily be deployed on the application’s web server backend to analyze the source code while the scanner is executing it.
This type of testing is known as gray box testing since it combines the best of both black box testing and white box (static source code analysis) testing. When testing for file inclusion vulnerabilities, Acunetix AcuSensor increases the accuracy of a scan since it has access to the code on the backend. With AcuSensor, Acunetix can also test pages that would not otherwise be discovered via crawling, thanks to AcuSensor’s backend crawl technology.
Simple reporting and Issue Tracker integration
Another advantage Acunetix has over some other scanning tools is the ability to instantly generate a wide variety of technical, regulatory and compliance reports, such as PCI DSS, HIPAA, OWASP Top 10 and many others. Additionally, Acunetix allows users to export discovered vulnerabilities to issue trackers such as Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS). If you use Jenkins as your continuous integration tool, Acunetix can also integrate directly with it.
Don’t sit idle on security flaws. Save time and get the most out of your web security efforts with Acunetix. Try Acunetix online, or download it now to try it on premises, to gain the insight you need to build and maintain secure web applications.
We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before it is promoted to Production.