With data breaches a constant news item and the regulatory landscape constantly changing, one must do more than merely patch Windows and Linux operating systems. The next generation of threats goes beyond what simply deploying SSL/TLS can address and centres around web applications, web servers such as Nginx, Microsoft IIS and Apache HTTP Server, and similar web server software.
Aside from the usual security best practices, such as making sure your web server security software has the latest security patches applied, log files are safely stored and access to the web server (typically via SSH) is controlled via dedicated administrator accounts, a secure web server also needs secure web server configurations, especially in production environments.
This is where Acunetix fits in. Acunetix is a web application security tool which automatically tests the security posture of your web applications, as well as any server security misconfigurations. Acunetix allows you to assess web application and web server security by testing for thousands of vulnerabilities quickly and accurately. Acunetix achieves this by combining a re-engineered crawler and scanner with a vast array of highly tuned test cases, intelligently designed to run as fast and efficiently as possible.
Wide Technology Coverage
Acunetix takes technology support to the next level with best-of-breed JavaScript support thanks to its fully automated JavaScript and browsing engine called DeepScan. While some attacks may be detectable by server security software such as Intrusion Detection Systems (IDS) and Web Application Firewalls (WAF), these technologies are not able to stop client-side attacks such as DOM-based Cross-site Scripting (DOM XSS). Thanks to its DeepScan technology, Acunetix can combat this blind spot by detecting hard-to-find DOM XSS vulnerabilities together with other forms of Cross-site Scripting which would otherwise be invisible to the majority of server security software. In addition to all of this, Acunetix can also detect Out of Band (OOB) vulnerabilities thanks to its AcuMonitor technology, which would otherwise be impossible to detect using only server security software. Thanks to AcuMonitor, vulnerabilities may be out of band, but they’re not out of sight.
Unrivaled Speed and Accuracy
Web application security scans are typically known for being slow. Acunetix is set to change that. With a re-engineered crawler and scanner, Acunetix is up to twice as fast as its previous versions, and is by far the fastest web security scanner on the market. Additionally, Acunetix also provides AcuSensor, an optional sensor for Java, ASP.NET and PHP applications that is deployed on the server side to further increase accuracy during scans and even inspect calls to and from the web application to the database server. It’s also possible to throttle the speed at which a scan runs, ensuring that it’s still possible to scan web applications which are protected by server security software such as WAFs or IDSs. You can also schedule scans to run at specific times in a day, week or month, or even define your own custom schedule. Run scans on a continuous basis with Acunetix running a quick scan every day of the week and a full scan once a week. This ensures that any new vulnerabilities that may have been introduced in between full scans get picked up by Acunetix immediately.
We utilize Acunetix to more thoroughly assess internet-facing websites and servers. Acunetix helps us identify vulnerabilities in conjunction with other vulnerability scanning applications. Acunetix has been a more reliable application when discovering / determining different types of malicious code injection vulnerabilities (SQL, HTML, CGI, etc).