Acunetix’s unique AcuSensor Technology enhances a regular dynamic scan through an Interactive Application Security Testing (IAST) deployment of sensors inside the source code. AcuSensor will then relay feedback to the scanner during the source code’s execution. In web application security testing, the combination of black-box and white-box testing (commonly referred to as gray-box testing) further enhances the scanner’s detection rate.
Acunetix achieves top scores in SQLi, XSS and hidden file detection benchmarks. Source – SecTools Addict Benchmark
Interactive Security Testing with AcuSensor
Traditional web application security testing (black-box testing) will not see how code behaves during execution, and source code analysis will not always understand what happens when code is executing. AcuSensor marries these two methodologies and is able to achieve a significantly higher vulnerability detection rate. Typically, SQL injection vulnerabilities can only be found if database errors are reported, or through ‘blind’ techniques. With AcuSensor, SQL injection vulnerabilities can be detected in all SQL queries, including
Pinpoints Exact Location of Vulnerabilities
AcuSensor technology can indicate the line of code where the vulnerability lies and report additional debug information. This greatly increases remediation efficiency and makes the developer’s task of fixing the vulnerabilities easier.
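A generic illustration of the sensor idea described in the two sections above, added here; it is not Acunetix code and does not show how AcuSensor is implemented. `SensorConnection`, `MARKER` and the two lookup functions are hypothetical, and the probe value is constructed. The application hides database errors, so both HTTP-level results look identical, yet the in-process sensor sees the probe reach the SQL text and records where the query was built.

```python
import sqlite3
import sys

# Constructed scanner probe; the embedded quote would break out of a string literal.
MARKER = "acx'probe"

class SensorConnection:
    """Hypothetical sensor: wraps a DB connection and inspects every query before it runs."""

    def __init__(self, conn):
        self._conn = conn
        self.findings = []

    def execute(self, sql, params=()):
        # The probe appearing in the SQL text (rather than in bound parameters)
        # means request input was concatenated into the statement.
        if MARKER in sql:
            caller = sys._getframe(1)  # frame of the application code that built the query
            self.findings.append({
                "sql": sql,
                "function": caller.f_code.co_name,
                "line": caller.f_lineno,
            })
        return self._conn.execute(sql, params)

def find_user_vulnerable(db, name):
    try:
        return db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()
    except sqlite3.Error:
        return []  # error swallowed: nothing visible in the response

def find_user_safe(db, name):
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def run_scan():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    db = SensorConnection(conn)
    # What a black-box scanner would observe: two empty, error-free results.
    responses = [find_user_vulnerable(db, MARKER), find_user_safe(db, MARKER)]
    return responses, db.findings

if __name__ == "__main__":
    responses, findings = run_scan()
    print("responses seen from outside:", responses)
    for f in findings:
        print("sensor finding in %(function)s, line %(line)d: %(sql)s" % f)
```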
Back-end File Crawling
AcuSensor can run a back-end crawl, presenting all files accessible through the web server to the scanner, even if these files are not linked through the front-end application. This ensures 100% coverage of the application, and alerts users to any backdoor files that might have been maliciously uploaded by an attacker.
Lowest False Positive Rates
Detection of nonexistent vulnerabilities is a nightmare to deal with. False positives reduce confidence in the scanner and waste the time of pen-testers and developers alike in trying to find and fix vulnerabilities. Acunetix excels with the lowest false positive rate in the industry, saving valuable time for your security and development teams.
AcuSensor Technology can automatically verify vulnerabilities found through black-box scanning techniques by performing additional tests during the execution of the application’s source code. This allows an Acunetix scan to give a near-0% false positive rate when AcuSensor is used.
SQL Injection: 100% / 0% FP
XSS (Reflected): 100% / 0% FP
I was especially impressed with Acunetix since it performed a remarkably detailed and capable scan with very little effort. Reporting is comprehensive, absent of too many false positives, and produces neat and understandable reports. The layout is intuitive enough to start basic testing and yet the product is wildly powerful, leaving you room to do so much more.