Acunetix Web Vulnerability Scanner - Features

Automatically detects SQL injection, cross site scripting and other web vulnerabilities
SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor's browser. Acunetix Web Vulnerability Scanner can check if your web application is vulnerable to both of these attacks. More information about SQL injection and cross site scripting is available at our web site security centre.

Other detected Web Vulnerabilities
- CRLF injection attacks
- Code execution attacks
- Directory traversal attacks
- File inclusion attacks
- Authentication attacks

Detects Google hacking vulnerabilities
Google hacking is the term used for a hacker trying to find exploitable targets and sensitive data by entering queries in search engines. The Google Hacking Database (GHDB) contains queries that identify sensitive data such as portal logon pages, logs with network security information, and so on. Acunetix launches all the Google hacking database queries onto the crawled content of your web site, to find any sensitive data or exploitable targets before a “search engine hacker” does. The Google hacking feature is a unique, industry first feature.

Extend attacks with the HTTP editor & sniffer
With the HTTP editor, you can construct HTTP/HTTPS requests and analyze the web server responses. Use it to perform custom SQL injection and cross site scripting attacks. With the HTTP sniffer you can log, intercept and modify all HTTP/HTTPS traffic, giving you an in-depth insight into what data your web application is sending.

HTTP fuzzer – Automated, rule based variable testing
The HTTP fuzzer tool allows you to create rules to automatically test for buffer overflows & input validation. For example, using the HTTP fuzzer you could create a rule which replaces the variable part in a URL (e.g. http://test.acunetix.com/listproducts.php?cat=1) with the numbers 1 – 999. This way you could launch 1000 queries, only checking meaningful results, saving a great deal of time compared to manual testing.

JavaScript / AJAX application security scanning
Version 4 now adds the ability to check AJAX applications for security vulnerabilities. AJAX applications offer tremendous possibilities for extending the use of web applications; however, they also require more stringent security checks. Acunetix WVS 4 now includes the industry’s most advanced JavaScript analyzer to help companies keep their AJAX applications secure.

Crawl password protected areas
Acunetix Web Vulnerability Scanner can be configured to scan password protected sections of the website with one or more user/password combinations. Using the login sequence tool, which works similarly to a macro recorder, one can easily configure the path the scanner must crawl, including links it should not follow, such as a logout link.

Automatic HTML form filler
The HTML form filler allows you to configure different inputs that you want the web scanner to give when it encounters an HTML form. This way you can automatically test how your website behaves for different types of inputs.

Other Features

System Requirements
- Windows 2000/2003 or Windows XP
- Internet Explorer 5.1 or higher
- MS SQL Server/Access if database is enabled
- 200MB of hard disk space