Using the Acunetix Login Sequence Recorder in 3 Easy Steps (With Video)

Keeping your website secure just got easier with Acunetix 10. With so many new features and extra capabilities designed to prevent hackers, it can be difficult to know where to start. One of the newest features is the improved Acunetix Login Sequence Recorder. What makes this feature so useful is that it can test password-protected areas of your website automatically. It really is simple to use, too. All you have to do is launch a scan from the Scan Wizard and create a new Login Sequence from there. Here’s how it all works in three steps.

Start the Login Sequence Recorder

Now that you have the Acunetix Login Sequence Recorder going, navigate to the login page on your website and log in to the restricted area. You’ll probably notice all actions are being recorded at this point, but that’s okay – it’s exactly what you want. The scanner will replay any actions you take while it is recording. Once the login actions are complete, click ‘Next’.

Define Restrictions

The Acunetix Login Sequence Recorder can pretty much do whatever you want it to do by recording your actions. However, you’ll still want to restrict the scanner from performing specific actions you don’t want it to take. This includes things like clicking ‘Logout’, ‘Delete User’, ‘Send Email’, and any other option that should not be interacted with during the scan. Once restrictions are set up, click ‘Next’.

Use the ‘Session Pattern’

The final step involves letting the scanner know when it is logged in and logged out. Typically, the Acunetix Login Sequence Recorder can automatically detect a valid Session Pattern using the requests from the login actions. When the scanner does not automatically detect a valid Session Pattern, you must manually browse the restricted area until a pattern is detected. Once the scanner has automatically detected the Session Pattern or you’ve done it manually, click ‘Finish’ and save the Login Sequence File.
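The effect of the restrictions and the Session Pattern on a crawl, as an added illustration: this is not Acunetix code or its Login Sequence file format. The in-memory site, its paths, and the "redirect to /login means logged out" pattern are constructed assumptions.

```python
import re
from collections import deque

# Constructed fake application: path -> list of (link text, href).
PAGES = {
    "/account": [("Orders", "/orders"), ("Admin", "/admin"), ("Logout", "/logout")],
    "/orders": [("Account", "/account")],
    "/admin": [("Delete User", "/admin/delete?id=7"), ("Send Email", "/admin/mail")],
}
RESTRICTIONS = [r"log\s*out", r"delete user", r"send email"]  # the article's examples

class FakeApp:
    """In-memory stand-in for the target site (assumption, not a real server)."""
    def __init__(self):
        self.logged_in, self.side_effects = False, []
    def login(self):
        self.logged_in = True
    def get(self, path):
        if path == "/logout":
            self.logged_in = False
        if not self.logged_in:
            return 302, "/login", []          # redirect to the login page
        if path not in PAGES:
            self.side_effects.append(path)    # a state-changing action ran
            return 200, "", []
        return 200, "", PAGES[path]

def out_of_session(status, location):
    # Session pattern (assumed form): a redirect to /login means logged out.
    return status == 302 and location.startswith("/login")

def scan(app, restrictions):
    rules = [re.compile(r, re.I) for r in restrictions]
    app.login()                               # replay the recorded login
    seen, queue, relogins = set(), deque(["/account"]), 0
    while queue:
        path = queue.popleft()
        if path in seen:
            continue
        seen.add(path)
        status, location, links = app.get(path)
        if out_of_session(status, location):  # session lost: replay login, retry
            app.login()
            relogins += 1
            status, location, links = app.get(path)
        for text, href in links:
            if not any(r.search(text) for r in rules):
                queue.append(href)            # follow only unrestricted links
    return sorted(seen), relogins, app.side_effects
```

`scan(FakeApp(), RESTRICTIONS)` covers the three restricted-area pages with no re-logins and no side effects; `scan(FakeApp(), [])` follows Logout, has to replay the login twice, and triggers both the delete and mail actions.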

SecureWorld St. Louis 2015

We had a great time speaking with everyone who stopped by our booth at SecureWorld on Sept. 22nd & 23rd.

Alliance and Acunetix were highly visible at the show due to our unique value proposition. Acunetix offers the best web application vulnerability scanner on the market and Alliance trains Acunetix users how to apply industry best practices and take full advantage of the solution.

If you were unable to come see us, it’s okay! We’re still available to answer your questions and resolve security issues dragging down efficiency, security, and revenue.

The Importance of an Authenticated Network Security Scan

Authenticated network security scans are tests for vulnerabilities that are performed as an authenticated or logged-in user. Authenticated scans happen from a computer that is logged in normally to a network with extra software installed, or from a machine that is designated for the task and given login credentials. These procedures can determine how secure a network is from an internal point of view. Running an authenticated network security scan can provide users with a wealth of information, and here we explore why that is important to a business.

Detect Insider Threats

An insider threat is a malicious hacker who is an officer or employee of a business. Sometimes it is an outside individual who pretends to be an employee by obtaining false credentials. The insider threat’s goal is to gain access to the networks or computer systems of the business, then use the data found to harm the company. Authenticated network security scans limit the damage these insider threats can do.

Find Vulnerabilities 

Authenticated scans can find vulnerabilities that are not detected with an unauthenticated scan. These scans can reveal weak share permissions, missing patches and general misconfigurations. Many companies skip running an authenticated scan, but it is the best way to see exactly where things stand for your network.

Prepare for Information Overload

Businesses must be prepared for the overload of information an authenticated network scan can produce, which can be a problem if the person reading the reports is not skilled in IT speak. A lot of “critical” or high-level flaws can make managers and internal auditors jumpy when they don’t truly know what they are reading. A managed service provider can help your company interpret the results of an authenticated network scan.

Set Aside Time for a Scan

Authenticated network security scans can take up to two to three times longer to run than unauthenticated scans. The more network hosts you have, the more time it will take. You also need time to analyze and report the scanner results, since they are much larger than those of unauthenticated scans. Be prepared and set aside a significant chunk of time.

Scan with Several User Role Levels

To get the most accurate authenticated network security scan, it is best to scan from the views of different levels of privilege, such as a standard domain user with limited access and a domain or local administrator. It is also recommended to scan at the highest level possible. By scanning as an administrator or an equivalent role, you will get the most insight into your company’s network security vulnerabilities.

Contact us today if you have any questions about running an authenticated network security scan for your business. Our highly qualified team is here to help.

Reduce Web Vulnerability Scan Times

Business applications and websites are routinely attacked and face a number of threats from hackers looking to steal sensitive information. Luckily, we have the capabilities to ensure that your business website is secure and free of flaws that could be used by online criminals to infiltrate the system. This is done by running web vulnerability scans. The amount of time it takes to scan is very important, and if your vulnerability scan times are slow, it leaves you more vulnerable to a security breach. All it takes is one successful digital break-in by a cyber-criminal for them to access all your sensitive data.

Web Vulnerability Scan Times

A good response time is anything under 0.2 seconds, and a response time over 0.3 seconds is considered dangerously large, causing scans to take an excessively long time to complete. One of the most common reasons for slow vulnerability scans is the response time between the scanner and the target application or website. Of course, there are many things that can lead to a high response time and lengthen the time it takes to complete your vulnerability scan. Here we discuss ways to reduce web vulnerability scan times.

Web Server Performance

Your web server simply might not be performing at its full potential, slowing down the scanning process. Start by looking at items like hard disk access, CPU and memory. Often this type of issue is solved after you upgrade your server. Be sure you’re upgrading to something that is able to meet the needs of your business, and don’t settle for less.

Firewall Problems

A slow scan time could be caused by your Intrusion Detection System, Web Application Firewall or network firewall. Make sure that your antivirus software is up to date. Firewalls are notorious for causing very long site response times.

Database Performance

Once you know that your web server is not slowing you down, consider the database. Slow response times may be solved once the database has been cleaned up and optimized. By doing these simple tasks, your system has fewer queries to go through every time a response is requested.

Bandwidth and Network Performance

When the network is busy, everything slows down. Your server might be in the middle of a bottleneck, and that will certainly affect your scan time. Try testing your server from several different locations to confirm this; then you can work on a resolution.

Seek Outside Assistance

You may try all of these tactics and still get slow response times. Seek outside assistance so you can customize your web vulnerability scan with the Acunetix Web Scanner Tool. Sometimes the whole website does not require scanning; instead, the scan can be divided into smaller segments. Acunetix Web Scanner Tool has several filtering options available to reduce web vulnerability scan times.

To learn more about reducing your scan time, contact us today. Our Acunetix-trained engineers will be happy to assist you.