Acunetix

Combating the web vulnerability threat

Securing the web applications of today's businesses is perhaps the most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications -- which often have a direct line into the company's most valuable data assets -- are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.

Acunetix was founded with this threat in mind. It was understood that the only way to combat website hacking was to develop an automated tool that could help companies scan their web applications to identify and resolve exploitable vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a heuristic tool designed to replicate a hacker's methodology to find dangerous vulnerabilities -- like SQL injection and cross site scripting -- before hackers do. Acunetix WVS brings an extensive feature-set of both automated and manual penetration testing tools, enabling security analysts to perform a complete vulnerability assessment, and repair detected threats, with just the one product.

The Acunetix development team consists of highly experienced security developers, all with extensive development experience in network security scanning software prior to working on Acunetix WVS. The management team is backed by years of experience in marketing and selling security software.

Acunetix customers include: Bank of China, US Army, NASA, Telstra, AmSouth Bank, Fujitsu, San Diego County Credit Union, US Department of Agriculture, California Department of Justice, US Air Force, Wescom Credit Union, State of Virginia Gov dep, US Geological Service and many more.

Acunetix is a privately held company with its offices in Malta and the UK. It is a Microsoft Certified Partner and forms part of a group of software companies which includes 2X Software, a developer of thin client software, and 3CX, a developer of IP PBX software for Windows.

Audit Your Website Security with Acunetix Web Vulnerability Scanner

Acunetix is available as Software (On Premise) Acunetix Web Vulnerability Scanner (WVS) or Online (Hosted) Acunetix Online Vulnerability Scanner (OVS).

With the uptake of cloud computing and the advancements in browser technology, web applications and web services have become a core component of many business processes, and therefore a lucrative target for attackers. Over 70% of websites and web applications, however, contain vulnerabilities that could lead to the theft of sensitive corporate data, credit cards, customer information and Personally Identifiable Information (PII).

Firewalls, SSL and Hardened Networks Are Futile Against Web Application Hacking

Cyber criminals are focusing their efforts on exploiting weaknesses in web applications such as eCommerce platforms, blogs, login pages and other dynamic content. Insecure web applications and web services not only provide attackers access to backend databases but also allow them to perform illegal activities using compromised sites.

Web application attacks are carried out over HTTP and HTTPS, the same protocols that are used to deliver content to legitimate users. Yet web application attacks, both on free open-source software, such as WordPress, Drupal and Joomla!, as well as commercial or custom-built applications, can have repercussions that are the same as, or worse than, those of traditional network-based attacks.

The Technology Leaders in Automated Web Application Security

DeepScan Technology allows accurate crawling of AJAX-heavy client-side Single Page Applications (SPAs) that leverage complex technologies such as SOAP/WSDL, SOAP/WCF, REST/WADL, XML, JSON, Google Web Toolkit (GWT) and CRUD operations.

Industry’s most advanced and robust SQL Injection and Cross-site Scripting testing, including advanced detection of DOM-based Cross-site Scripting.

AcuSensor Technology allows accurate scanning and further reduces the false positive rate by combining black box scanning techniques with feedback from its sensors placed inside the source code.

Fast, Accurate, Easy to Use

Multi-threaded, lightning fast crawler and scanner that can crawl hundreds of thousands of pages without interruptions.

Highest detection of WordPress vulnerabilities – scans WordPress installations for over 1200 known vulnerabilities in WordPress’ core, themes and plugins.

An easy to use Login Sequence Recorder that allows the automatic crawling and scanning of complex password protected areas including multi-step, Single Sign-On (SSO) and OAuth-based websites.

Easily generate a wide variety of technical and compliance reports aimed towards developers and business owners alike.

Highest Crawl and Analysis Rate for HTML5 and JavaScript Security

A fundamental process during any scan is the scanner’s ability to properly crawl an application. Acunetix Vulnerability Scanner features DeepScan Technology; an HTML5 crawling and scanning engine that fully replicates user interaction inside of a browser by executing and analyzing JavaScript. DeepScan allows accurate crawling of AJAX-heavy client-side Single Page Applications (SPAs) that leverage technologies such as AngularJS, EmberJS and Google Web Toolkit.

Accurately Crawl and Scan with DeepScan Technology

Acunetix Vulnerability Scanner includes Acunetix DeepScan Technology which allows the scanner to robustly test any application, no matter what web technology it’s written in.

At the heart of DeepScan is a fully automated web browser that can understand and interact with complex web technologies such as AJAX, SOAP/WSDL, SOAP/WCF, REST/WADL, XML, JSON, Google Web Toolkit (GWT) and CRUD operations just like a regular browser would. This allows Acunetix Vulnerability Scanner to test a web application just as though it is running inside of a user’s browser, allowing the scanner to seamlessly interact with complex controls just as a user would, significantly increasing the scanner’s coverage of the web application.

DeepScan has been further optimized to analyze websites and web applications developed in Ruby on Rails and Java Frameworks including Java Server Faces (JSF), Spring and Struts.

Hassle-free Authenticated Web Application Testing

Testing authenticated areas of your websites and web applications is absolutely crucial to ensure full testing coverage. Acunetix Vulnerability Scanner can automatically test authenticated areas by recording a Login Sequence using the Login Sequence Recorder. The Login Sequence Recorder makes it quick and easy to record a series of actions the scanner can re-play to authenticate to a page. The Login Sequence Recorder can also record a series of Restrictions; making it trivial to granularly limit the scope of a scan in a few clicks.

Acunetix Login Sequence Recorder supports a large number of authentication mechanisms including:

● Multi-step/Custom Authentication Schemes
● Single Sign-On Authentication
● CAPTCHAs
● Multi-factor Authentication

Automatic Custom 404 Error Page & Rewrite Rule Identification

Custom 404 error pages are pages that return an HTTP ‘200 OK’ status when a page is not found. Rewrite rules are a set of server-side rules that rewrite requested URLs on the fly.

While still allowing you the flexibility to define rewrite rules and custom 404 pages manually, Acunetix Vulnerability Scanner can automatically detect and configure itself for websites and web applications using custom 404 error pages as well as rewrite rules, saving hours of configuration and increasing the crawl and detection rate.

Manual imports of both Apache HTTP Server and Microsoft IIS rewrite rules are supported.
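One common way to recognise a custom 404 page that answers ‘200 OK’, added here as an example (not Acunetix's code or its actual algorithm, which this page does not describe): request a few random paths that cannot exist, keep the answers as a baseline, and treat any crawled URL whose response closely matches the baseline as not found. The function names, the 0.9 similarity threshold and the sample site are constructed for illustration; rewrite rules are not covered.

```python
import difflib
import secrets
from typing import Callable, Dict, List, NamedTuple, Tuple


class Response(NamedTuple):
    status: int
    body: str


Fetch = Callable[[str], Response]  # any function that maps a path to a Response


def normalise(body: str, path: str) -> str:
    """Drop the echoed request path and collapse whitespace before comparing."""
    if len(path) > 1:  # never strip a bare "/" out of the markup
        body = body.replace(path, "")
    return " ".join(body.split())


def build_baseline(fetch: Fetch, probes: int = 3) -> List[Tuple[int, str]]:
    """Ask for random paths that cannot exist and record how the site answers."""
    baseline = []
    for _ in range(probes):
        path = "/" + secrets.token_hex(12)
        resp = fetch(path)
        baseline.append((resp.status, normalise(resp.body, path)))
    return baseline


def classify(path: str, fetch: Fetch, baseline: List[Tuple[int, str]],
             threshold: float = 0.9) -> str:
    """Return 'not-found', 'soft-404' or 'exists' for one crawled path."""
    resp = fetch(path)
    if resp.status in (404, 410):
        return "not-found"  # the server is honest about it
    body = normalise(resp.body, path)
    for status, reference in baseline:
        if status != resp.status:
            continue
        ratio = difflib.SequenceMatcher(None, reference, body).ratio()
        if ratio >= threshold:
            return "soft-404"  # same page the site shows for random paths
    return "exists"


def classify_all(paths: List[str], fetch: Fetch) -> Dict[str, str]:
    """Build the baseline once, then classify every path against it."""
    baseline = build_baseline(fetch)
    return {p: classify(p, fetch, baseline) for p in paths}


# Constructed sample site: two real pages, one honest 404, and a friendly
# error page served with status 200 for everything else.
SAMPLE_PAGES = {
    "/": "<html><h1>Shop</h1><p>Welcome to the catalogue.</p>"
         "<a href='/login'>Sign in</a></html>",
    "/login": "<html><h1>Sign in</h1><form method='post'>"
              "<input name='user'><input name='pass' type='password'>"
              "</form></html>",
}


def sample_fetch(path: str) -> Response:
    if path in SAMPLE_PAGES:
        return Response(200, SAMPLE_PAGES[path])
    if path == "/removed":
        return Response(404, "Not Found")
    return Response(200, "<html><h1>Oops</h1><p>Sorry, " + path +
                    " could not be found.</p><p>Try the search box.</p></html>")


if __name__ == "__main__":
    for p, verdict in classify_all(["/", "/login", "/admin-old", "/removed"],
                                   sample_fetch).items():
        print(f"{p:12} {verdict}")
```

Without the baseline step, a crawler or scanner would record `/admin-old` as a live page and report findings against a URL that does not exist.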

Highest SQL Injection and XSS Detection Rate

Holistic and accurate vulnerability detection lies in the ability to detect anything from the most obvious to the most obscure SQL Injection, XSS and over 500 other types of web application vulnerabilities. Acunetix is the industry leader in detecting the largest variety of SQL Injection and XSS vulnerabilities, including Out-of-band SQL Injection and DOM-based XSS.

In-depth SQL Injection and Cross-Site Scripting (XSS) Vulnerability Testing

Acunetix Vulnerability Scanner rigorously tests for hundreds of web application vulnerabilities including SQL Injection and Cross-site Scripting. SQL Injection is one of the oldest and most prevalent of software bugs; it allows attackers to modify SQL queries in order to gain access to data in the database. Cross-Site scripting attacks allow attackers to execute malicious scripts inside your visitors’ browser; possibly leading to impersonation of that user.

When it comes to Dynamic Application Security Testing (DAST), while the number of tests a scanner can run is important, it is secondary to how well it can crawl an application: if you can’t crawl it, you can’t scan it! Acunetix Vulnerability Scanner’s DeepScan Technology has the ability to crawl complex client-side Single Page Applications (SPAs), guaranteeing the highest vulnerability detection rate even in client-side vulnerabilities such as DOM-based XSS vulnerabilities.

Advanced Automated DOM-based XSS Vulnerability Testing

DOM-based XSS is an advanced type of XSS attack which is made possible when the web application’s client-side scripts write user provided data to the Document Object Model (DOM). The data is subsequently read from the DOM by the web application and outputted to the browser. If the data is incorrectly handled, an attacker can inject a payload, which will be stored as part of the DOM and executed when the data is read back from the DOM.

DOM-based XSS is often a client-side attack, and the attacker’s payload is never sent to the server. This makes it even more difficult to detect. Acunetix Vulnerability Scanner can scan for a wide range of advanced DOM-based XSS and also provide a stack-trace of the injected payload as it moves inside of the browser’s DOM.

Detection of Blind XSS, XXE, SSRF, Host Header Attacks and Email Header Injection

Traditional methods of detecting vulnerabilities fall short when attempting to detect second-order vulnerabilities, i.e. vulnerabilities that do not provide a response to a scanner during testing. Detection of second-order vulnerabilities requires an intermediary service; Acunetix Vulnerability Scanner, combined with its built-in AcuMonitor Technology, makes automatic detection of such vulnerabilities possible and transparent to the user running the scan.

AcuMonitor allows the detection of vulnerabilities such as Blind XSS, XML External Entity Injection (XXE), Server Side Request Forgery (SSRF), Host Header Attacks, Email Header Injection and Password Reset Poisoning.

Lowest False Positives Guarantees Effective Web Application Security

Acunetix’s unique AcuSensor Technology enhances a regular dynamic scan through an Interactive Application Security Testing (IAST) deployment of sensors inside the source code. AcuSensor will then relay feedback to the scanner during the source code’s execution. This combination of black-box and white-box testing (commonly referred to as gray-box testing) further enhances the scanner’s detection rate.

Interactive Security Testing with AcuSensor

Traditional web application security testing (black-box testing) will not see how code behaves during execution and source code analysis will not always understand what happens when code is in execution. AcuSensor marries these two methodologies and is able to achieve a significantly higher detection of vulnerabilities. Typically, SQL injection vulnerabilities can only be found if database errors are reported, or through ‘blind’ techniques. With AcuSensor, SQL Injection vulnerabilities can be detected in all SQL queries; including INSERT statements.

Pinpoints Exact Location of Vulnerabilities

AcuSensor technology can indicate the line of code where the vulnerability lies and report additional debug information. This greatly increases remediation efficiency and makes the developer’s task of fixing the vulnerabilities easier.

Back-end File Crawling

AcuSensor can run a back-end crawl, presenting all files accessible through the web server to the scanner; even if these files are not linked through the front-end application. This ensures 100% coverage of the application, and alerts users of any backdoor files that might have been maliciously uploaded by an attacker.

Lowest False Positive Rates

Detecting nonexistent vulnerabilities is a nightmare to deal with. False positives reduce confidence in the scanner and waste the time of pen-testers and developers alike in trying to find and fix vulnerabilities. Acunetix excels with the lowest false positive rate in the industry, saving valuable time for your security and development teams.

AcuSensor Technology can automatically verify vulnerabilities found through black box scanning techniques by performing additional tests during the execution of the application’s source code. This allows an Acunetix scan to give a near to 0% false positive rate when AcuSensor is used.

AcuSensor Detects Critical Vulnerabilities with 100% Accuracy

● SQL Injection
● Cross-site Scripting
● Code Execution
● CRLF Injection
● Directory Traversal
● Arbitrary File Creation
● Arbitrary File Deletion
● Email Injection
● File Upload
● File Inclusion
● File Tampering
● PHP Code Injection
● PHP SuperGlobals Overwrite

Regulatory Compliance Reports for PCI, HIPAA and others

In order to keep track of the vulnerabilities detected in your web applications, Acunetix Vulnerability Scanner includes extensive reports to help manage escalation and remediation of vulnerabilities while assisting in task prioritization. Acunetix includes a set of Internal Management reports to be able to share security findings internally with developers and management, as well as a range of Compliance and Classification reports for regulatory standards and best practice guidelines.

PCI Compliance Reports

PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).

OWASP Top 10 (2013)

The primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high risk problem areas – and also provides guidance on where to go from here.

International Standard – ISO 27001

ISO/IEC 27001 is an information security management system (ISMS) standard with the objective of providing a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System.

Other compliance reports

The Health Insurance Portability and Accountability Act (HIPAA); WASC Threat Classification; Sarbanes-Oxley; NIST Special Publication 800-53 (for FISMA); DISA-STIG Application Security; 2011 CWE/SANS Top 25 Most Dangerous Software Errors.

Developer Report

The Developer report provides a comprehensive summary of a scan. It will display scan details, server details, alert summary and alert details, pages with a long response time, a list of external links, email addresses, client scripts and external hosts, together with remediation examples and best practice recommendations for fixing the vulnerabilities detected during a scan.

Remediation

Compare scans and find differences with previous scans; Easily re-audit vulnerability fixes with ‘Re-test’ functionality; Export XML data for integration with third-party tools.

WordPress Security Scan Features

With more than 24% of websites on the Internet running WordPress, and a 60% share of the Content Management System (CMS) market, WordPress security is becoming an increasingly important factor in an organization’s security posture.

While WordPress’ core is designed with security in mind, the same cannot be said for the thousands of plugins which extend the WordPress ecosystem. Unfortunately, thousands of WordPress plugins contain high-severity vulnerabilities. Unless vulnerable plugins are updated or disabled, they could allow attackers to easily compromise the integrity and availability of the site, gain access to the WordPress administrative interface and the database, as well as deface the site and trick users into phishing attacks, or use the site to distribute malware.

Scan for Vulnerable WordPress Plugins

Acunetix Vulnerability Scanner identifies WordPress installations, and will launch security tests for over 1200 popular WordPress plugins, as well as several other vulnerability tests for WordPress core vulnerabilities. In addition, Acunetix Vulnerability Scanner will also conduct other WordPress-specific configuration tests such as weak WordPress admin passwords, WordPress username enumeration, wp-config.php backup files, malware disguised as plugins and old versions of plugins.

The WordPress plugins detected are listed in the WordPress plugins Knowledge Base, including a description, the version number detected and the latest version of the plugin to update to. Similar checks are also performed on other Content Management Systems such as Joomla! and Drupal.

WordPress Configuration File Disclosure

Although most of the common configuration settings are available through the WordPress admin interface, the WordPress administrator might need to alter certain settings from wp-config.php directly. This is often done by first creating a backup of the known working configuration, before proceeding with manually altering the file in a text editor. However, the backed up file becomes available to whoever is able to guess the name of the backup file.
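A defender-side check for the exposure described above, added here as an example (not Acunetix code): it walks a local webroot and reports every leftover copy of wp-config.php, whether it still holds credential constants, and whether the web server would return it as plain text. It assumes that only files ending in .php are passed to the PHP interpreter and everything else is served as a static file; the function names and the sample tree are constructed.

```python
import os
import re
import tempfile
from typing import List, NamedTuple

# Files WordPress itself ships or needs; everything else named like them is a copy.
CANONICAL = {"wp-config.php", "wp-config-sample.php"}

# Constants that wp-config.php defines and that must never leave the server.
SECRET_RE = re.compile(
    r"define\(\s*['\"](DB_USER|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|"
    r"LOGGED_IN_KEY|NONCE_KEY)['\"]"
)


class Finding(NamedTuple):
    path: str             # path relative to the webroot
    served_as_text: bool  # True when the server would not execute it as PHP
    has_secrets: bool     # True when credential constants are present


def audit_webroot(root: str) -> List[Finding]:
    """Report stray wp-config copies under root, sorted by relative path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            name = filename.lower()
            if "wp-config" not in name or name in CANONICAL:
                continue
            full = os.path.join(dirpath, filename)
            try:
                with open(full, "r", errors="replace") as handle:
                    text = handle.read()
            except OSError:
                text = ""  # unreadable here; still report the file
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            findings.append(Finding(
                path=rel,
                served_as_text=not name.endswith(".php"),
                has_secrets=bool(SECRET_RE.search(text)),
            ))
    return sorted(findings)


def build_sample_webroot(root: str) -> None:
    """Write a constructed WordPress-like tree with two forgotten copies."""
    config = ("<?php\n"
              "define( 'DB_USER', 'example_user' );\n"
              "define( 'DB_PASSWORD', 'example-only-not-a-real-secret' );\n")
    os.makedirs(os.path.join(root, "backup"))
    layout = {
        "index.php": "<?php // front controller\n",
        "wp-config.php": config,
        "wp-config.php.bak": config,          # editor/manual backup, static file
        "backup/wp-config-old.php": config,   # still .php, so it is executed
    }
    for rel, content in layout.items():
        with open(os.path.join(root, rel), "w") as handle:
            handle.write(content)


def sample_findings() -> List[Finding]:
    """Run the audit against the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        return audit_webroot(tmp)


if __name__ == "__main__":
    for finding in sample_findings():
        print(finding)
```

Copies flagged with `served_as_text=True` and `has_secrets=True` are the ones to move out of the webroot first, followed by rotating the database password they contain.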

Username Enumeration and Weak Password Guessing

Acunetix Vulnerability Scanner runs tests for username enumeration of WordPress accounts. Enumerating usernames gives attackers a head-start when attacking your WordPress installation, since an attacker would have the necessary information to launch a password dictionary attack against the enumerated usernames.

Based on the users identified during the scan, Acunetix will also attempt to detect if the enumerated users are using weak passwords based on a password list, as well as other combinations, including the use of leetspeak.

Identify Malicious Plugins and Themes

WordPress has its own share of malware, which generally disguises itself either as a plugin or as a theme. The description of such malware tries to lure WordPress users into installing the malicious plugin or theme. Acunetix Vulnerability Scanner can also detect malicious URLs within pages based on the Google and Yandex safe-browsing databases.

Key Features of Acunetix Network Security Scanner

Comprehensive security audits require detailed inspection of the perimeter of your public-facing network assets. Acunetix has integrated the popular OpenVAS scanner within Acunetix Online Vulnerability Scanner to provide a comprehensive perimeter network security scan that integrates seamlessly with your web application security testing, all from an easy to use simple cloud-based service.

Scan Perimeter Network Services

Insecure perimeter networks are the cause of most data breaches. The perimeter is therefore one of the most important areas of your network to secure against vulnerabilities, misconfiguration and other security threats that could compromise security or availability of network services.

Acunetix Online Vulnerability Scanner extends your network’s visibility to outside threats and provides you with a perspective of your network’s perimeter just like an attacker would see it.

Every network scan initially starts with a port scan of the scanning target's IP address in order to discover open ports and running services. Open ports are then tested for over 35,000 known vulnerabilities and mis-configurations.

Testing for Network Vulnerabilities

Network vulnerability tests performed during a scan include security testing of detected devices such as routers, firewalls, switches and load balancers; testing for weak passwords on common protocols such as FTP, IMAP, database servers, POP3, Socks, SSH and Telnet; testing for DNS-related server vulnerabilities such as DNS zone transfer attacks, open recursive DNS attacks and DNS cache poisoning attacks; and testing for badly configured Proxy Servers, weak SNMP community strings, weak TLS/SSL ciphers and many other security weaknesses.

The scan’s findings are then presented inside the Acunetix Online Vulnerability Scanner dashboard, from where a network security report can be easily generated.

Detecting Network Security Mis-configurations

Acunetix Online Vulnerability Scanner can detect a wide array of network security mis-configurations that could lead to sensitive data disclosure, denial of service or even compromise of hosts. Tests include testing for anonymous FTP access and writable directories over FTP, badly configured Proxy Servers, weak SNMP community strings, weak TLS/SSL ciphers and many other security weaknesses.

Advanced Features and Pen-Testing Tools

Acunetix Web Vulnerability Scanner includes advanced tools for penetration testers to further automated testing, integration with external tools, as well as tools to aid in testing business-logic web applications.

Take Automated Scanning Further

Use the integrated HTTP Editor to export HTTP requests from an automated crawl or scan, modify or craft HTTP requests and analyze the web server’s response.

Intercept, log and modify HTTP traffic sent to and from a web application on the fly using Traps with support for regular expressions using the integrated HTTP Sniffer. Extend manual HTTP traffic inspection by using captured traffic to build a custom crawl structure that can be used as part of an automated scan.

Fuzz HTTP requests to test validation and handling of invalid or random data using a variety of built-in fuzzers. Filter fuzzed HTTP requests with HTTP Fuzzer filters with support for regular expressions.

Export Blind SQL Injection vulnerabilities from automated scans, and perform automated database data extractions using the Blind SQL Injector.

Import manual crawl data from the built-in HTTP Editor, third-party tools such as Telerik Fiddler, Portswigger BurpSuite, and HAR (HTTP Archive) files.

More Advanced Features

Flexibly scan websites and web applications with different Scan Settings and Login Sequences depending on engagement.

Easily customize a scan’s scope by leveraging Scanning Profiles and Directory and File Filters (support for wildcard and regular expression-based filters) to customize tests and pen-test scope.

Easily schedule scans to run at a given time, set up recurring scans based on a customized schedule, and set up custom Excluded Hours templates to pause scans during specific hours.

Dynamically pre-seed automated crawls using external, third-party tools and custom-built scripts.

Crawl and scan complex Business Logic-driven applications through consumption of Selenium IDE test cases.

Auto-configuration of Web Application Firewall

Acunetix WVS can automatically create the appropriate Web Application Firewall rules to protect web applications against attacks targeting vulnerabilities that the scanner finds. This allows you to temporarily prevent exploitation of high-severity vulnerabilities until you are able to fix them. Currently Acunetix WVS supports the popular Imperva Web Application Firewall and FortiWeb WAF.

Integration and Extensibility Features

Users can also leverage the Command Line Interface and XML output to integrate with 3rd party Vulnerability Management and Defect Tracking Systems. Furthermore, Acunetix also has a well documented SDK for advanced users to create their own custom vulnerability tests.