Acunetix Vulnerability Scanner

Acunetix was founded by Nick Galea in 2005. It came at a time when the majority of enterprises focused on network protection rather than securing web applications. With the goal of combating web vulnerabilities, Acunetix aimed to offer an automated tool to scan web applications to identify and resolve security issues. Simply put, Acunetix is an all-in-one website security scanner.

The vulnerability scanner was originally built for Windows. In 2014, Acunetix offered an online version and then Linux in 2018. Over the years the company has grown its services. Currently, Acunetix serves over 6,000 companies worldwide.

Acunetix includes quite a few features for enterprises.

Cloud computing and browser technology have seen significant growth in recent times. In the business environment, these are often vital components. This very reason paints a huge target in the sector. Hackers continue to focus on this area.

Yes, firewalls and SSL certificates can help beef up web application security. But these measures are only basic. Regardless of the HTTP of HTTPS, web attacks are still carried out by hackers. As Acunetix puts it, their vulnerability scanner has the capability of detecting over 4500 web application vulnerabilities. It can also scan open-source software and custom-built applications.

The Acunetix vulnerability scanner comes equipped with DeepScan. This enables crawling AJAX-heavy client-side single-page applications. The AcuSensor combines black box scanning methodologies with feedback from its sensors placed inside source code. The company also claims, “Industry’s most advanced SQL Injection and Cross-site Scripting (XSS) testing including advanced detection of DOM-based XSS”. Furthermore, its Login Sequence Recorder facilitates the automatic scanning of complex password-protected areas.

It doesn’t stop there. The vulnerability scanner also includes a vulnerability management tool. This provides many technical and compliance reports.

We previously talked about penetration testing. Acunetix’s offering is an automated penetration testing tool. While it’s true that manual testing would provide organizations with a thorough security assessment. But oftentimes these are time consuming and expensive. Hence, the use of automated penetration testing tools, like Acunetix’s web vulnerability scanner, is much more efficient.

Acunetix allows security personnel to test for SQL injection, Cross-Site Scripting, and other vulnerabilities. It also allows for scheduled automated scans as well. Additionally, it also has the capability of offering full support for modern Single Page Applications.

Here, the penetration testing tools are able to understand and test applications dependent on JavaScript frameworks such as Angular and React. What this means is that the penetration testing tools can scan everything from legacy web applications built on traditional stacks to modern web apps.

The reporting element is also a valuable add on for enterprises. The software can generate a wide range of reports such as PCI DSS, HIPAA, OWASP Top 10, etc. Additionally, if users discover any vulnerabilities, they could export these to issue trackers like Atlassian JIRA, GitHub, and Microsoft Team Foundation Server.

When it comes to web application security, one of the first things to do is to scan for known vulnerabilities. Acunetix would enable quick and easy identification of known vulnerabilities. This includes sites built with HTML5 and JavaScript Single Page Applications, which can be sometimes hard to scan.

When it comes to testing approaches, Acunetix is not limited to black-box testing techniques. Among the many elements of Acunetix is the AcuSensor grey-box scanning technology. This lets users automatically assess executed Java, ASP.NET and PHP server-side code.

When it comes to network security, insecure network perimeters remain the cause of many data breaches. Thereby, this tool would help users discover open ports and running services, and test for more than 50,000 known network vulnerabilities and misconfigurations. Acunetix would also allow users to analyze the security of routers, switches, load balancers, and the likes. Additionally, the network security scanner element comes equipped with a few more capabilities such as testing for,

• Weak passwords: FTP, IMAP, database servers, POP3, Socks, SSH, and Telnet
• Badly configured proxy servers
• Anonymous FTP access and writable directories over FTP
• Weak TLS/SSL ciphers

WordPress is one of the most popular Contents Management Systems today. It’s said that there are roughly 75,000,000 WordPress sites operational as of this moment. The system’s many mechanisms such as plugins, themes, and user-friendly content management makes WordPress a top choice for most people. Unfortunately, this also makes WordPress a promising target for hackers. Enter the Acunetix WordPress vulnerability scanner. According to the company, this has the capability to,

• Detect outdated WordPress versions, including WordPress core and plugins without critical security patches
• Identify malware that is sometimes under the guise of WordPress themes and third-party plugins
• Detect WordPress usernames that can be used to compromise accounts
• Discover disclosed publicly available wp-config.php files
• Identify if vulnerable to XML-RPC brute force attacks