Blind SQL Injection Scanner

Blind SQL Injection (Blind SQLi) vulnerabilities are a class of SQL Injection vulnerabilities, which can be leveraged by an attacker to exfiltrate data out of a database server (MySQL, MSSQL, Oracle, etc.). Blind SQL Injection attacks, while slightly harder for an attacker to pull off, expose the exact same threats that error-based and UNION-based SQL Injections do. Blind SQL Injection vulnerabilities may in some cases even lead to remote code execution (RCE). Once an attacker gains the ability to execute arbitrary code on an application, it’s much easier for that attacker to escalate their attack and do more damage, such as, for example, “pivoting” to other hosts on the internal network in order to steal sensitive data. Acunetix is a web security scanner designed to be lightning-fast and dead-simple to use while providing all the necessary features to manage and track vulnerabilities from discovery to resolution.

Acunetix scans for SQL Injection online including several variations of SQLi such as out-of-band SQL Injection. While many vulnerability scanners can find low-hanging vulnerabilities, Acunetix goes well beyond just the basics thanks to its advanced crawler and JavaScript engine called DeepScan. Thanks to DeepScan, Acunetix also has full support for modern single-page applications (SPAs) and can understand and fully test applications that rely on JavaScript frameworks like React, Angular, Ember, and Vue. This means Acunetix can understand an underpinning RESTful API when crawling a SPA. Since Acunetix can understand more than just JSON and XML, it can build a correct input scheme (an internal representation of web application input), which it may then rigorously test for SQL Injection, Cross-site Scripting, file inclusion, and other web application vulnerabilities.

In addition to being a fully automated black box (no knowledge of back end code) vulnerability scanner, Acunetix also provides AcuSensor as part of its standard offering. AcuSensor is a an optional sensor for Java, ASP.NET, and PHP applications that can easily be deployed on the application back end. Once deployed, each SQL query is analysed while it is in execution by the scanner.

Finally, another problem that Acunetix solves, which many other web vulnerability scanners sorley lack, is the ability to produce great reports. After a vulnerability scan is complete, Acunetix can instantly generate a wide variety of technical, regulatory, and compliance reports such as PCI DSS, HIPAA, OWASP Top 10, and many others. Additionally, Acunetix also allows users to export discovered vulnerabilities to issue trackers such as Atlassian JIRA, GitHub, GitLab, Mantis, Bugzilla, and Microsoft Team Foundation Server (TFS).