The Heartbleed bug (CVE-2014-0160) is a serious vulnerability in the popular OpenSSL cryptographic software library, which is commonly used for the SSL/TLS encryption that secures everything from web applications to SMTP servers. This weakness allows the theft of potentially sensitive information from server memory – including private encryption keys and session cookies. The OpenSSL Heartbleed vulnerability affects OpenSSL versions 1.0.1 through 1.0.1f.
While this is an old bug, there are still swaths of web servers and applications vulnerable to it. Leaving the OpenSSL vulnerability unpatched is a major security risk. This is where Acunetix can help.
Acunetix is a web application vulnerability scanner, which automatically tests the security posture of your web applications as well as any server security misconfigurations. Acunetix allows you to assess web application and web server security by testing for thousands of vulnerabilities quickly and accurately on a regular basis. Acunetix achieves this by combining a crawler and scanner with a vast array of highly tuned test cases, intelligently designed to run as fast and efficiently as possible.
Wide Technology Coverage
Acunetix takes technology support to the next level with best-of-breed JavaScript support thanks to its fully automated JavaScript and browsing engine called DeepScan. While some attacks may be detectable by server security software such as intrusion detection systems (IDS) and web application firewalls (WAF), these technologies are not able to stop client-side attacks such as DOM-based Cross-site Scripting (DOM XSS). Thanks to its DeepScan technology, Acunetix can combat this blind spot by detecting hard-to-find DOM XSS vulnerabilities together with other forms of Cross-site Scripting, which would otherwise be invisible to the majority of server security software.
Unrivaled Speed and Accuracy
Web application security scans are typically known for being slow. Acunetix is set to change that. With a blazing-fast crawler and scanner, it is by far the fastest web application security scanner on the market, allowing you to perform automated security testing across a large number of applications concurrently. What’s more, in Acunetix it’s possible to throttle the speed at which a scan runs, ensuring that it’s still possible to scan web applications that are protected by server security software such as WAFs or IDSs. You can also schedule web application vulnerability scans to run at specific times of a day, week or month, or even define your own custom schedule.
Recommended reading
Learn more about prominent vulnerabilities, keep up with recent product updates, and catch the latest news from Acunetix.
“We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.”
Kurt Zanzi, Xerox CA-MMIS Information Security Office, Xerox