Acunetix

Acunetix makes it possible for you to find out about vulnerabilities in yourwebsites and web APIs.

• Acunetix has the highest detection rating of over 6500 vulnerabilities in custom, commercial and open source apps with nearly 0% false positives.
• AcuSensor (IAST) allows you to find and test hidden inputs not discovered during black-box scanning (DAST)
• Advanced Crawling & Authentication support gives you the ability to crawl JavaScript websites and SPA

How does AcuSensor work?

The Acunetix scanner works by sending payloads and analyzing responses. When the web server receives the payload, it executes back-end code. If AcuSensor is installed, it analyzes the executed back-end code and provides the scanner with additional information.

• You must install AcuSensor on the server for the selected language. AcuSensor is available for Linux/UNIX and Windows servers.
• AcuSensor works directly with the PHP interpreter as well as Java and ASP.NET bytecode compilers.
• You do not need to modify your source code at all to use AcuSensor. This is a major advantage over IAST offerings that require you to compile sensors within your code, often requiring you to change your build process or add software dependencies to your project.

What are the benefits of AcuSensor?

When you use AcuSensor, Acunetix gets additional information from the server back end, at the time when Acunetix is scanning the web application. This additional information introduces a number of improvements.

• Ease of remediation: AcuSensor connects to the code interpreter or compiler (depending on the language) and it can identify the exact line of source code (for PHP) or point to a location in a stack trace (for Java and ASP.NET). With this information, your developers can fix vulnerabilities much faster.
• Greater precision: AcuSensor can detect the following vulnerability types with 100% confidence: SQL Injection, code injection, CRLF injection, directory traversal, arbitrary file creation/deletion, email header injection, file upload, file inclusion, file tampering, PHP code injection, and PHP SuperGlobals overwrite.
• Full coverage: AcuSensor provides a full directory listing of the web application, ensuring that the entire web application is scanned, including any hidden, unlinked locations. Additionally, AcuSensor can discover hidden GET and POST inputs, even if these are not used within the web application.

• Prioritize and classify detected issues to know how to invest your time
• Create management and compliance reports to find out what needs to be addressed
• Track fixed issues to know if they reappear and automatically retest to stay safe

• Integrate with issue trackers such as Jira to streamline bug fixing processes
• Automate new build scanning – integrate with CI tools such as Jenkins
• Get detailed technical reports to understand and address identified vulnerabilities

Vulnerability scanning with Acunetix

Acunetix is not just a web vulnerability scanner. It is a complete web application security testing solution that can be used both standalone and as part of complex environments. It offers built-in vulnerability assessment and vulnerability management, as well as many options for integration with market-leading software development tools. By making Acunetix one of your security measures, you can significantly increase your cybersecurity stance and eliminate many security risks at a low resource cost.

Automate and Integrate Your Vulnerability Management

To save resources, ease remediation, and avoid late patching, enterprises often aim to include web vulnerability tests as part of their SecDevOps processes. Acunetix is one of the best DAST tools for such a purpose due to its efficiency in both physical and virtual environments.

• Acunetix integrations are designed to be easy. For example, you can integrate Acunetix scans in your CI/CD pipeline with tools such as Jenkins in just a few steps.
• For effective vulnerability management, you can also use third-party issue trackers such as Jira, GitLab, GitHub, TFS, Bugzilla, and Mantis. For some issue trackers, Acunetix also offers two-way integration, where the issue tracker may automatically trigger additional scans depending on the issue state.
• Acunetix offers its own API that you can use to connect to other security controls and software developed by third parties or in-house. In the case of enterprise customers, Acunetix technical experts will help you integrate the tool within atypical environments.

Trust the Most Mature and Fastest Vulnerability Scanning Tool

Acunetix is the first web security scanner on the market that is constantly being improved since 2005. It is a highly mature, specialized tool developed by web security testing experts. Such specialization made it possible to build a solution that is more effective than many bundled tools.

• The Acunetix vulnerability scanning engine is written in C++, making it one of the fastest web security tools on the market. This is especially important when scanning complex web applications that use a lot of JavaScript code. Acunetix also uses a unique scanning algorithm – SmartScan, with which you can often find 80% vulnerabilities in the first 20% of the scan.
• The speed goes in line with very high vulnerability discovery effectiveness. Acunetix is also known for its very low false-positive rate, which helps you save resources during further penetration testing and lets your analysts focus on new vulnerabilities. Acunetix also provides proof of exploit for many vulnerabilities.
• To increase scanning efficiency, you can use multiple scanning engines deployed locally. Engines can work both with the Acunetix on-premise and cloud version.

Get Added Value Including Network Security

Acunetix is available in versions suited to different customer needs. It can be deployed locally on Linux and Microsoft Windows operating systems. You can also use it as a cloud product to save your local resources.

• In addition to web application vulnerabilities, such as SQL Injections and Cross-site Scripting (XSS), Acunetix helps you discover other security threats. This includes web server configuration issues or misconfigurations, unprotected assets, malware, and other security threats listed in OWASP Top 10.
• To protect your key assets, you can use the unique AcuSensor IAST technology for PHP, Java, or .NET. This technology helps you remediate by making it easier to pinpoint the cause of the security hole.
• Acunetix is integrated with the OpenVAS open-source tool. This network security scanner helps you scan your IP address ranges to discover open ports and other security vulnerabilities specific to network devices. You can handle your web and network vulnerabilities together using a single dashboard.