Could your website be hacked?

Facts & stats about hacking

  • There is a malicious hacker attack every 39 seconds!
  • 73% of black hat hackers said traditional firewall & AV security is irrelevant or obsolete
  • Russian black hat hackers can infiltrate a computer network in 18 minutes
  • Cybercrime is more profitable than the global illegal drug trade!*

        *Source: https://hostingtribunal.com/blog/hacking-statistics

 

Cybersecurity Risks

  • Malicious hackers now targeting SMEs and enterprises
  • Any website is susceptible to being hacked:
    • 46% of websites are susceptible to high-severity vulnerabilities
    • 87% of websites are susceptible to medium-severity vulnerabilities

  • Consequences of vulnerabilities
    • Data theft, compliance loss
    • Downtime
    • Reputation damage, loss of data / time / money to fix
    • Liability, regulatory fines
    • Job loss, and even business closure.

Source: Acunetix 2019 web application vulnerability report

 

What can Acunetix do for you?

 

 

What are the vulnerabilities in your websites and web APIs?

 

Acunetix makes it possible for you to find out about vulnerabilities in your websites and web APIs.

  • Acunetix has the highest detection rating of over 6500 vulnerabilities in custom, commercial and open source apps with nearly 0% false positives.
  • AcuSensor (IAST) allows you to find and test hidden inputs not discovered during black-box scanning (DAST)
  • Advanced Crawling & Authentication support gives you the ability to crawl JavaScript websites and SPAs

 

How does AcuSensor work?

 

The Acunetix scanner works by sending payloads and analyzing responses. When the web server receives the payload, it executes back-end code. If AcuSensor is installed, it analyzes the executed back-end code and provides the scanner with additional information.

  • You must install AcuSensor on the server for the selected language. AcuSensor is available for Linux/UNIX and Windows servers.
  • AcuSensor works directly with the PHP interpreter as well as Java and ASP.NET bytecode compilers.
  • You do not need to modify your source code at all to use AcuSensor. This is a major advantage over IAST offerings that require you to compile sensors within your code, often requiring you to change your build process or add software dependencies to your project.

 

What are the benefits of AcuSensor?

 

When you use AcuSensor, Acunetix gets additional information from the server back end, at the time when Acunetix is scanning the web application. This additional information introduces a number of improvements.

  • Ease of remediation: AcuSensor connects to the code interpreter or compiler (depending on the language) and it can identify the exact line of source code (for PHP) or point to a location in a stack trace (for Java and ASP.NET). With this information, your developers can fix vulnerabilities much faster.
  • Greater precision: AcuSensor can detect the following vulnerability types with 100% confidence: SQL Injection, code injection, CRLF injection, directory traversal, arbitrary file creation/deletion, email header injection, file upload, file inclusion, file tampering, PHP code injection, and PHP SuperGlobals overwrite.
  • Full coverage: AcuSensor provides a full directory listing of the web application, ensuring that the entire web application is scanned, including any hidden, unlinked locations. Additionally, AcuSensor can discover hidden GET and POST inputs, even if these are not used within the web application.

 

 

Fix identified security issues to avoid breaches

 

  • Prioritize and classify detected issues to know how to invest your time
  • Create management and compliance reports to find out what needs to be addressed
  • Track fixed issues to know if they reappear and automatically retest to stay safe

 

 

    How to prevent hazards at the earliest stages of the SDLC

     

    • Integrate with issue trackers such as Jira to streamline bug fixing processes
    • Automate new build scanning – integrate with CI tools such as Jenkins
    • Get detailed technical reports to understand and address identified vulnerabilities

     

    Vulnerability scanning with Acunetix

     

    Acunetix is not just a web vulnerability scanner. It is a complete web application security testing solution that can be used both standalone and as part of complex environments. It offers built-in vulnerability assessment and vulnerability management, as well as many options for integration with market-leading software development tools. By making Acunetix one of your security measures, you can significantly increase your cybersecurity stance and eliminate many security risks at a low resource cost.

     

    Automate and Integrate Your Vulnerability Management

     

    To save resources, ease remediation, and avoid late patching, enterprises often aim to include web vulnerability tests as part of their SecDevOps processes. Acunetix is one of the best DAST tools for such a purpose due to its efficiency in both physical and virtual environments.

    • Acunetix integrations are designed to be easy. For example, you can integrate Acunetix scans in your CI/CD pipeline with tools such as Jenkins in just a few steps.
    • For effective vulnerability management, you can also use third-party issue trackers such as Jira, GitLab, GitHub, TFS, Bugzilla, and Mantis. For some issue trackers, Acunetix also offers two-way integration, where the issue tracker may automatically trigger additional scans depending on the issue state.
    • Acunetix offers its own API that you can use to connect to other security controls and software developed by third parties or in-house. In the case of enterprise customers, Acunetix technical experts will help you integrate the tool within atypical environments.

     

    Trust the Most Mature and Fastest Vulnerability Scanning Tool

     

    Acunetix is the first web security scanner on the market, and it has been constantly improved since 2005. It is a highly mature, specialized tool developed by web security testing experts. Such specialization made it possible to build a solution that is more effective than many bundled tools.

    • The Acunetix vulnerability scanning engine is written in C++, making it one of the fastest web security tools on the market. This is especially important when scanning complex web applications that use a lot of JavaScript code. Acunetix also uses a unique scanning algorithm, SmartScan, with which you can often find 80% of vulnerabilities in the first 20% of the scan.
    • The speed goes in line with very high vulnerability discovery effectiveness. Acunetix is also known for its very low false-positive rate, which helps you save resources during further penetration testing and lets your analysts focus on new vulnerabilities. Acunetix also provides proof of exploit for many vulnerabilities.
    • To increase scanning efficiency, you can use multiple scanning engines deployed locally. Engines can work both with the Acunetix on-premise and cloud version.

     

    Get Added Value Including Network Security

     

    Acunetix is available in versions suited to different customer needs. It can be deployed locally on Linux and Microsoft Windows operating systems. You can also use it as a cloud product to save your local resources.

    • In addition to web application vulnerabilities, such as SQL Injections and Cross-site Scripting (XSS), Acunetix helps you discover other security threats. This includes web server configuration issues or misconfigurations, unprotected assets, malware, and other security threats listed in OWASP Top 10.
    • To protect your key assets, you can use the unique AcuSensor IAST technology for PHP, Java, or .NET. This technology helps you remediate by making it easier to pinpoint the cause of the security hole.
    • Acunetix is integrated with the OpenVAS open-source tool. This network security scanner helps you scan your IP address ranges to discover open ports and other security vulnerabilities specific to network devices. You can handle your web and network vulnerabilities together using a single dashboard.

     

     

    Prianto - value-added distributor of Acunetix solutions
