As new technologies bring new security risks to light, Acunetix steps up to the challenge with the most comprehensive crawling and scanning technology in the market yet.
MALTA, 15 August 2013 — Acunetix today announced the 9th release of its award-winning Web Vulnerability Scanner, building on the experience and knowledge of several years of working with organisations across the globe securing their websites and web applications.
With as many as 70% of web sites containing exploitable web vulnerabilities potentially leading to severe business repercussions such as data theft and operational disruptions, hackers have been focusing their efforts on shopping carts, forms, login pages, dynamic content and plain-and-simple human error.
But this statistic conceals a much more worrying trend in internet security: the inability to detect new vulnerabilities resulting from the widespread adoption of more recent web application development technologies.
A case in point: HTML5
Mobility trends, the business imperative of enhanced online customer experiences, adoption by the development community and the availability of capable desktop browsers all mean that HTML5 keeps gaining relevance. But this is also paving the way for new code vulnerabilities, and hackers, to find their way straight into the heart of any business’s web infrastructure.
Nick Galea, CEO of Acunetix, said: “The current crop of web vulnerability scanners on the market has so far proven to be totally inadequate in keeping up with both hackers’ escalating abilities and web application development trends such as HTML5 and JavaScript. Our security researchers have long ago identified the urgent necessity for new technologies to crawl and scan these types of applications. We now have the technology in place to fill that gap; it’s called Acunetix DeepScan. We are going straight into the belly of the beast and coming out with previously undetectable vulnerabilities.”
The root of the problem, according to Mr Galea, can be traced to the superficial crawling capabilities of contemporary web application scanning tools. But the new Acunetix DeepScan is set to change all of this.
Acunetix DeepScan, which is powered by the same rendering engine used in Chrome and Safari, allows Acunetix Web Vulnerability Scanner v9 to fully interpret websites implemented using HTML5 and JavaScript-based technologies, such as AJAX and Single Page Applications. The end result? More pages crawled equates to more vulnerabilities detected.
“Crawling an application with a limited understanding of the plenitude of new tags, attributes and events possible within dynamic websites is equivalent to walking blindfolded into a room full of furniture. The only way to find your way around is by hitting stuff,” continued Mr Galea. Put that within the context of a business that relies on its customer-facing website, and hitting Grandma’s sideboard takes on a whole new meaning.
And when these new features are coupled with the capabilities inherited from the previous iteration, the new Acunetix Web Vulnerability Scanner becomes an indispensable tool for anyone concerned about their website security. In fact, v9 users will still benefit from Acunetix’s proprietary AcuSensor Technology. AcuSensor combines black box scanning techniques with feedback from sensors placed inside the source code whilst the latter is being executed. This guarantees increased vulnerability detection and reduction in false positives together with the exact pinpointing of where in the source code the vulnerability is located. This facilitates much quicker remediation of the vulnerability.
Mobile Websites Support
With over 1 billion smartphones in use worldwide, mobile-friendly websites are becoming a must for every business. But at the same time, they are increasingly becoming the preferred target of web hackers as another way into the heart of the business. Because Acunetix DeepScan is powered by the same layout engine used by the default browsers in Apple iOS, Android and BlackBerry, Acunetix users can automatically detect web vulnerabilities in mobile-friendly sites and web applications. The scanning wizard has also been updated to detect when a mobile-friendly site is present and gives the user the choice of whether to scan the main web site or its mobile version.
Blind XSS
Traditional crawling and scanning techniques implemented by contemporary automated scanners are ill-suited to detecting Blind Cross-Site Scripting vulnerabilities, since the XSS script is not executed during the scan itself. Detection of Blind XSS vulnerabilities will, however, become possible with the parallel introduction of AcuMonitor, which is being made exclusively available to v9 clients.
DOM-based XSS
Detection of DOM-based XSS vulnerabilities has to date only been possible through expensive manual penetration tests. WVS v9 will drastically increase the automated detection of DOM-based XSS.
Other New Features
The introduction of AcuMonitor also makes possible the detection of several other vulnerabilities, including:
- Server Side Request Forgery (SSRF)
- XML External Entity (XXE)
- Email Header Injection
- Host Header Attacks
Download the Trial Version
If you want to give the new version of Acunetix Web Vulnerability Scanner a try, you can download a 14-day trial version.
Availability and Pricing
Acunetix WVS v9 starts at $1,445. The latest iteration, with its enhanced features and capabilities, will be available at the same prices as version 8 until the end of 2013.
It is available through Acunetix and Acunetix resellers and distributors across the globe. For more information about Acunetix WVS availability, pricing and licensing options please visit https://www.acunetix.com/ordering/.
About Acunetix
Acunetix is a market leader in web application security technology, founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of work by a team of highly experienced security developers. Acunetix customers include the U.S. Army, U.S. Air Force, AT&T, KPMG, Telstra, Fujitsu, and Adidas.