Audit your website security with Acunetix Web Vulnerability Scanner

Hackers are concentrating their efforts on attacking applications in your website: 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Web applications are accessible 24 hours a day, 7 days a week and control sensitive data such as customer details, credit card numbers and proprietary corporate data.

Firewalls, SSL and locked-down servers are futile against web application hacking

Any defense at network security level will provide no protection against web application attacks since they are launched on port 80 – which has to remain open. In addition, web applications are often tailor-made, therefore tested less than off-the-shelf software, and are more likely to have undiscovered vulnerabilities. Manually auditing a website for vulnerabilities is virtually impossible - it needs to be done automatically and regularly.

Acunetix WVS automatically checks your web applications for SQL Injection, XSS other web vulnerabilities.

• Ensures your website is secure against web attacks
• Automatically checks for SQL injection & Cross site scripting vulnerabilities
• Checks password strength on authentication pages (HTTP or HTML forms)
• Automatically audits shopping carts, forms, dynamic content and other web applications
• Creates professional website security audit reports.

Acunetix Web Vulnerability Scanner - Features

	Automatically detects SQL injection, cross site scripting and other web vulnerabilities SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor´s browser. Acunetix Web Vulnerability Scanner can check if your web application is vulnerable to both of these attacks. More information about SQL injection and cross site scripting at Acunetix web site security centre. Other detected Web Vulnerbilities CRLF injection attacks Code execution attacks Directory traversal attacks File inclusion attacks Authentication attacks
	Detects Google hacking vulnerabilities Google hacking is the term used for a hacker trying to find exploitable targets and sensitive data by entering queries in search engines. The Google Hacking Database (GHDB) contains queries that identify sensitive data such as portal logon pages, logs with network security information, and so on. Acunetix launches all the Google hacking database queries onto the crawled content of your web site, to find any sensitive data or exploitable targets before a “search engine hacker” does. The Google hacking feature is a unique, industry first feature.
	Report Generator With the report generator you can quickly create reports which specify the vulnerabilities detected and suggests what can be done to resolve them. Furthermore, all scan sessions can be saved to a MS SQL Server or Access database for custom reporting purposes. Click to view a sample report .
	Extend attacks with the HTTP editor & sniffer With the HTTP editor, you can construct HTTP/HTTPS requests and analyze the web server responses. Use it to perform custom SQL injection and cross site scripting attacks. With the HTTP sniffer you can log, intercept and modify all HTTP/HTTPS traffic, giving you an in-depth insight into what data your web application is sending.
	HTTP fuzzer – Automated, rule based variable testing The HTTP fuzzer tool allows you to create rules to automatically test for buffer overflows & input validation. For example, using the HTTP fuzzer you could create a rule which replaces the variable part in a URL (e.g. http://test.acunetix.com/listproducts.php?cat=1) with the numbers 1 – 999. This way you could launch a 1000 queries, only checking meaningful results, saving a great deal of time compared to manual testing.

Crawl password protected areas

Acunetix Web Vulnerability Scanner can be configured to scan password protected sections of the website with one or more user/password combinations. Using the login sequence tool, which works similarly to a macro recorder, one can easily configure the path the scanner must crawl, including links it should not follow, such as a logout link.

Automatic HTML form filler

The HTML form filler allows you to configure different inputs that you want the web scanner to give when it encounters an HTML form. This way you can automatically test how your website behaves for different types of inputs.

Other Features

• Test password strength of login pages by launching a dictionary attack
• Create custom web attack & check or modify existing ones with the Vulnerability editor
• Supports all major web technologies, including ASP, ASP.NET, PHP and CGI
• Use different scanning profiles to scan websites with different identity and scan options
• Compare scans & find differences with previous scans and discover new vulnerabilities
• Easily re-audit website changes
• Crawl & interpret Flash files 
• Automatic Custom error page detection
• Discovers directories with weak permissions
• Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE) and inspects the HTTP version banners for vulnerable products.

System Requirements

Windows 2000/2003 or Windows XP, Internet Explorer 5.1 or higher, MS SQL Server/Access if database is enabled, 200MB of hard disk space.