Audit your website security with Acunetix Web Vulnerability Scanner. As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information & customer lists. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.
Firewalls, SSL & locked-down servers are futile against web application hacking!
Web application attacks, launched on port 80/443, go straight through the firewall, past operating system & network level security, & right into the heart of your application & corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities & are therefore easy prey for hackers.
Acunetix - a world-wide leader in web application security
Acunetix has pioneered web application security scanning technology: its engineers have focused on web security since as early as 1997 & developed an engineering lead in web site analysis & vulnerability detection.
Acunetix Web Vulnerability Scanner includes many innovative features:
* Industry's most advanced & in-depth SQL injection & Cross site scripting testing
* Visual macro recorder makes testing web forms & password protected areas easy
* Extensive reporting facilities including VISA PCI compliance reports
* Multi-threaded & lightning fast scanner crawls hundreds of thousands of pages with ease
* Intelligent crawler detects web server type & application language
* Acunetix crawls & analyzes websites including flash content, SOAP & AJAX
Which Vulnerabilities does Acunetix WVS Check for?
Acunetix WVS automatically checks for the following vulnerabilities among others:
* Version Check
o Vulnerable Web Servers
o Vulnerable Web Server Technologies - such as "PHP 4.3.0 file disclosure & possible code execution"
* CGI Tester
o Checks for Web Server Problems - Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
o Verify Web Server Technologies
* Parameter Manipulation
o Cross-Site Scripting (XSS) - over 40 different XSS variations are tested.
o SQL Injection
o Code Execution
o Directory Traversal
o File Inclusion
o Script Source Code Disclosure
o CRLF Injection
o Cross Frame Scripting (XFS)
o PHP Code Injection
o XPath Injection
o Full Path Disclosure
o LDAP Injection
o Cookie Manipulation
o Arbitrary File creation (AcuSensor Technology)
o Arbitrary File deletion (AcuSensor Technology)
o Email Injection (AcuSensor Technology)
o File Tampering (AcuSensor Technology)
o URL redirection
o Remote XSL inclusion
* MultiRequest Parameter Manipulation
o Blind SQL/XPath Injection
+ DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)
+ FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)
+ Security & configuration checks for badly configured proxy servers
+ Checks for weak SNMP community strings & weak SSL ciphers
+ & many other network level vulnerability checks!
Other vulnerability tests may also be performed using the manual tools provided, including:
* Input Validation
* Authentication attacks
* Buffer overflows
* Blind SQL injection
* Sub domain scanning
Home Page - http://www.acunetix.com/