In-Depth SQL Injection and XSS Vulnerability TestingAcunetix rigorously tests for thousands of web application vulnerabilities including SQL Injection and XSS. However, when it comes to Dynamic Application Security Testing (DAST), while the number of tests a scanner can run is important, it is secondary to how well it can crawl and scan an application. Acunetix DeepScan technology:
- Features the highest detection rate for high severity vulnerabilities in the industry
- Reliably detects advanced DOM-based Cross-site Scripting.
Advanced Automated DOM-Based XSS Vulnerability TestingDOM-based XSS is possible if the client-side scripts of the web application write user-provided data to the Document Object Model (DOM). The data is subsequently read from the DOM by the web application and outputted to the browser. If the data is incorrectly handled, an attacker can inject a payload, which will be stored as part of the DOM and executed when the data is read back from the DOM. This advanced type of XSS is very difficult to detect.
- Acunetix scans for a wide range of advanced DOM-based XSS vulnerabilities
- It reports the DOM-based XSS source and the sink
- It provides a stack trace of the injected DOM-based XSS payload.
Detection of Blind XSS, XXE, SSRF, and Email Header InjectionTraditional methods of detecting vulnerabilities fall short when attempting to detect out-of-band vulnerabilities, that is vulnerabilities that do not provide a response to a scanner during testing. Detection of out-of-band vulnerabilities requires an intermediary service such as Acunetix AcuMonitor that checks for:
- Blind XSS and XML External Entity Injection (XXE)
- Server Side Request Forgery (SSRF) and Host Header Attacks
- Email Header Injection and Password Reset Poisoning.
Learn more about prominent vulnerabilities, keep up with recent product updates, and catch the latest news from Acunetix.
"We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production."Kurt Zanzi, Xerox CA-MMIS Information Securtiy Office, Xerox