Web application security vulnerabilities come from the code your developers write, misconfigured web servers, and software. Hackers are constantly probing websites to discover security holes they can exploit to steal valuable data. Even the largest companies make headlines when they’ve suffered a data breach.
Defending against these threats is tough. SSL/TLS encrypt communications but don’t block intruders. Web application firewalls don’t prevent attacks either, because the attacks come through on the same ports and protocols as legitimate traffic. Instead of only trying to block attackers, it’s more effective to detect and remediate web application vulnerabilities so hackers can’t exploit them. Test website vulnerabilities online with the Acunetix security suite and use the comprehensive reports to remediate issues before deploying the site in production.
Look for as many vulnerabilities as you can
The Open Web Application Security Project (OWASP) has a well-known list of the top 10 web application security risks, but beyond it, there are thousands of widely abused security vulnerabilities that hackers exploit. Acunetix security scanner checks for thousands of security vulnerabilities, including:
- SQL injection and blind SQL injection
- Cross-site scripting (XSS) and blind XSS
- XML External Entity (XXE) injection
- Server-Side Request Forgery
- Host Header attacks
- Email header injection.
Because your website may contain security vulnerabilities due to the CMS platforms you use, Acunetix security scanning checks WordPress, Drupal and Joomla! security for issues including:
- Known vulnerabilities in plugins, templates, and core components
- Configuration errors like weak admin passwords, user account enumeration, and accessible copies of configuration files
- Malware masquerading as plugins.
To ensure your test results are comprehensive, Acunetix uses advanced technology:
- AcuSensor to pinpoint the exact location of a vulnerability via sensors in the source code
- AcuMonitor to detect out-of-band security vulnerabilities
- Login Sequence Recorder to enable testing of password-protected pages.
Fix your web application security vulnerabilities
Once your website vulnerability scanner identifies vulnerabilities in your site, fix them! Use the test results to create a plan to remediate your security issues. In addition to comprehensive scan reports, Acunetix offers these features to make it easier to close security holes:
- AcuSensor links each scan result to the line of code that creates the issue
- Security issues can be integrated into issue trackers like Atlassian JIRA and GitHub
- Comparison reports allow you to confirm remediation efforts worked correctly.
We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.