Archive for category: Acunetix Security

Acunetix and Netsparker have been named a 2020 Gartner Peer Insights Customers’ Choice for Application Security Testing

/in , , , /by

Invicti Security™, a leader in Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST), today announced that both Acunetix and Netsparker have been named a 2020 Gartner Peer Insights Customers’ Choice for Application Security Testing, as reviewed by customers.

As of October 9, Acunetix has an Overall Rating of 4.8 out of 5 in the Application Security Testing market, based on 57 reviews. Acunetix earned the highest percentage of 5/5 star reviews in their category. In addition, Acunetix rated the highest in product capabilities with a 4.9/5 rating and the highest in integration and deployment with a 4.8/5 rating. As of October 9, Netsparker has an Overall Rating of 4.6 out of 5 in the Application Security Testing market, based on 50 reviews.

The Gartner Peer Insights Customers’ Choice distinction recognizes vendors and products that are highly rated by their customers. Gartner Peer Insights gives IT buyers the confidence to select enterprise solutions based on reviews by IT peers, verified by Gartner. To be recognized with the Customers’ Choice distinction, a vendor must have 50 or more published reviews and an average overall rating of 4.2 stars or higher across those reviews accumulated within the 12-month submission period. In addition, at least 20% of all eligible reviews must be from outside of the primary industry, region, and company size.

“We are very proud to be named a Gartner Peer Insights Customers’ Choice,” said Invicti Chief Executive Officer Ferruh Mavituna. “We believe this customer recognition validates our commitment to providing value to customers through our industry-leading web application security solutions.”

Here are just a few examples of what Invicti customers are saying, taken from anonymous Acunetix and Netsparker reviews provided by users worldwide:

Acunetix

  • Hіgh Quаlіty Sсаnnеr: “I аlwаys rесоmmеnd thіs scanner bеcаusе оf іts ехtеnsіvе dаtа оn sесurіty hоlеs. Thіs fеаturе hаs sаvеd mе multiple tіmеs. Fоr busіnеssеs whеrе sесurіty іs сruсіаl fоr орtіmаl рrосеssеs, Aсunеtіх іs thе bеst sоlutіоn tо kеер yоur аррs hеаlthy.”
  • Very Helpful Reports And Scan Results To Secure The Applications: “Great scanning application especially for vulnerable applications to find out the flaws or identify the threats, easily report the findings with the tool results and suggest fixes for the same. The application support and setup implementation were very easy and in no time we started using the application for assessment.”
  • Best Automated Web Application Security Testing Tool: “Acunetix is an incredible web application Security scanner it can perform various static and Dynamic tests to Web applications. Acunetix is mostly used for identifying Web application Vulnerabilities and we can automate the process and we can identify the Vulnerabilities easily.”
  • Fully Automated Web Application Security Scanner: “Acunetix has a fully automated scanner for web application security scans it can use easily even without expert knowledge about the product this is really user-friendly and easy to use the tool and able to scan the web applications quickly and find the vulnerabilities in the web applications easily this tool is a fully commercial tool and it has really advanced features of deep scanning and automated report generating features.”

Netsparker

  • Best Website Scanning Tool For Security Issues: “NetSparker is a tool which is very widely used for web and app security testing. Using Netsparker we can scan a website or application for vulnerabilities and threats. It is very time and cost-effective as most of the vulnerabilities are uncovered by it before the website goes live. Its best feature is that it provides proofs for its findings. It is very easy to use and requires very basic training. It also provides email alerts.”
  • WAS Scanner For End-End Scanning: “The product is super reliable, comes in handy and has the best customer support. I have been using Netsparker for over 3 years and this solution has helped secure our web applications in ways I have not witnessed before. Whenever issues arise or I run into a dilemma or have some concern, the Netsparker customer support team always comes to rescue.”
  • Web Application Security Scanner By Netsparker: “Netsparker has one of the best detection rates. The issue-tracking has made it absolutely easy to detect a malicious venture or policy violations. All the policy violations and malicious activities are collected using the system and event management system which is yet another amazing aspect of Netsparker.”
  • NetSparker- Web Application Security Scanner: “The web application security scanner allows us to cover complete end-end penetration testing and scanning of web applications and it fetches the threats and harmful elements in the application through its powerful scanning system and methodologies, It is a simple and reliable tool to perform pen-testing.”

To see the full list of vendors in the July 2020 Gartner Peer Insights Customers’ Choice for Application Security Testing, click here.

About Gartner Peer Insights

Gartner Peer Insights is an online platform of ratings and reviews of IT software and services that are written and read by IT professionals and technology decision-makers. The goal is to help IT leaders make more insightful purchase decisions and help technology providers improve their products by receiving objective, unbiased feedback from their customers. Gartner Peer Insights includes more than 215,000 verified reviews in more than 340 markets. For more information, please visit www.gartner.com/reviews/home.

Gartner Peer Insights Customers’ Choice constitutes the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of nor constitute an endorsement by, Gartner or its affiliates.

Gartner Peer Insights ‘Voice of the Customer’: Application Security Testing, October 2020

About Invicti Security

Based in Austin, Texas, Invicti Security specializes in web application security, serving organizations across the world. Invicti was founded in 2018 by bringing together Netsparker and Acunetix, two brands that identify web vulnerabilities to prevent costly data breaches and other security incidents. Netsparker was the first web application security solution to deliver automatic verification of vulnerabilities with its proprietary Proof-Based Scanning™ technology. This best-in-class web application security solution identifies vulnerabilities from the early stages of application development through production. Known for its ease of use, speed and accuracy, Acunetix is a global web security leader and the first-ever automated web application security scanner. A privately held company, Invicti is backed by Turn/River Capital.

About Alliance Technology Partners

Alliance Technology Partners is an Authorized Acunetix and Netsparker Value-Added Distributor in the United States. We have been partnering with Acunetix since 2007. We work with Government and Corporate Security Teams, Technology Resellers, and Consultants to deliver best in class vulnerability management solutions.

Released: Acunetix Version 13 build 13.0.200508159

/in , , /by

This new build introduces the Business Logic Recorder (BLR), which allows the user to record logic implemented in multi-step web forms. The Acunetix scanner will go through the multi-step form and will be able to attack each step in the form.  In addition, vulnerabilities can now be sent to Citrix WAF for virtual patching or the Azure DevOps Services issue tracker for further follow-up by the team.  Most vulnerabilities have been updated to include a CVSS 3.1 score.

This update adds a good number of important vulnerability checks and includes various updates and fixes, which are available for all editions of Acunetix.

Find further information on the full set of new features, vulnerability checks, updates, fixes and how to upgrade to the latest build.

 

Alliance Technology Partners is the US Government Distributor for Acunetix.  Call 888-891-8885 option 3 for Acunetix license information,and pre-sales technical questions.

Acunetix Authorized Government Resellers.

Acunetix Version 13 Released!

/in , /by

New Features in Acunetix Version 13

  • New Acunetix web UI
  • Network Scanner integration (Improved)
  • Malware Detection using Windows Defender on Windows & ClamAv on Linux
  • Smart Scan
  • New scanning algorithm prioritises scanning tasks and reduces scanning time
  • Proof of exploit is reported in the vulnerability alerts
  • Incremental Scans
  • Vulnerability Confidence Rating for web vulnerabilities
  • Brand New GitLab Issue Tracker Integration
  • Brand New Bugzilla Issue Tracker Integration
  • Brand New Mantis Issue Tracker Integration
  • Ability to create Login Sequence from Selenium script
  • New WADL import file
  • New ASP.NET Webforms import file
  • New Postman import file
  • New Paros import file
  • Ability to create custom checks
  • Highlighting of vulnerability in HTTP response
  • DeepScan provides better support for Angular 2, Vue and React JavaScript Frameworks
  • Unlimited network scanning for Acunetix Premium customers
  • Account Session Timeout settings
  • Account Maximum Consecutive Login Failure settings

New Vulnerability Checks in Acunetix 13

Updates

  • Improved memory consumption for the scanner
  • PDF reports now have page numbers
  • Generic User-agent will be used for communication with issue trackers
  • All lists in Acunetix UI can be sorted
  • Easier filtering options in the Acunetix UI
  • Settings can now be accessed from the side-bar
  • Links discovered by AcuSensor are given more prominence
  • Improved processing of XML and JSON POST input schemes
  • Scanner will try to replay the LSR playback actions a number of times before failing
  • Improved Auto-Login
  • Multiple updates in the Login Sequence Recorder
  • Developer report updated to include Source file, line number and other details provided by AcuSensor
  • Acunetix now supports scanning domains with international characters
  • Increase page size limit to 20Mb in scanner and LSR
  • Improved detection of Possible Sensitive Files
  • Improved detection of email addresses
  • Improved detection of Command Injection
  • Improved detection of database backup files
  • Improved detection of XXE

Fixes

  • Fixed issue in Developer report showing incorrect parameter name for detected vulnerabilities
  • Fixed: “Tester” user role will not be able to create reports
  • upgrades on Linux were not removing all files from previous installation
  • Fixed issue with Manual Intervention
  • Fixed: Session cookies where not always collected by LSR
  • Fixed: Incorrect processing of URLs with “{” character
  • Fixed a number of crashes in scanner
  • Fixed issue causing scanner proxy to unintentionally transform parts of the HTTP request
  • Fixed false positive in the detection of Apache Tomcat Remote Code Execution
  • Fixed issues causing some links not to be properly imported by the importer
  • Fixed issue with license activation when proxy and authentication is used
  • Fixed issue causing session to get lost when Deepscan is used

Acunetix 360 – End-to-End Enterprise Web Security

/in , , /by

Acunetix 360

Vulnerability scanning alone is not enough for a large organization to face present-day security-related challenges. Enterprise requires a comprehensive web application security management platform that allows them to easily find, fix, and prevent vulnerabilities. Acunetix 360 is an end-to-end web security solution that offers a 360 view of an organization’s web security posture. It allows the enterprise to take control of the security of all its web applications, web services, and APIs, ensuring long-term protection.  It starts with the award winning Acunetix scanning engine…

Continuously Protect All Your Web Assets

To start protecting your web assets, you must first know what they are and where they are. Acunetix 360 is a unique solution that can help you find them and never forget about them.

  • Don’t overlook anything. Automatically discover web assets that are owned by your business and/or manually import them.
  • Streamline your processes. Use security policies to continuously monitor & safeguard your web assets.
  • Find every vulnerability & only real vulnerabilities. Don’t waste valuable resources researching false positives.

Make Sure that Every Vulnerability is Fixed

A large organization cannot afford to manually fix every vulnerability. Unlike simpler vulnerability scanners, Acunetix 360 supports your entire workflow.

  • Have the right team address the issue. Integrate with issue trackers to automatically assign tasks to the right person.
  • Include all stakeholders. Keep the right people informed using custom workflows with granular permissions and various communication channels.
  • Don’t let mistakes happen. Automatically retest after an issue has been marked as fixed and, if needed, reassign to the responsible party.

Catch Issues Before They Emerge

The fewer errors make it to production, the better. Make sure to prevent exposure by enforcing vulnerability testing at the right stages of your SDLC.

  • Don’t miss any bugs in your code. Use your proven continuous integration solution to include an incremental vulnerability scan in every build.
  • Quickly pinpoint and fix the problem. The level of detail provided by Acunetix 360 helps you avoid additional research and resource costs.
  • Do it your way. Integration capabilities of Acunetix 360 let you avoid the costs associated with implementing additional solutions.