Scan for ShellShock with Acunetix Web Vulnerability Scanner

ShellShock, dubbed the BIG BUG of 2014, is causing a huge stir in the IT community, with researchers still getting to grips with the damage caused. Also referred to as the BASH Bug, this vulnerability has been assigned the highest CVSS score of 10, a score that not even the notorious HeartBleed achieved. The high score is more than warranted since this Bourne-again Shell vulnerability is very easy to exploit allowing pretty much any script kiddie to take control of a vulnerable server and execute arbitrary code. Acunetix Web Vulnerability Scanner (WVS) has already been updated to identify web servers vulnerable to ShellShock while Acunetix Online Vulnerability Scanner (OVS) has been updated to detect ShellShock on perimeter servers. Users of the most recent Acunetix Web Vulnerability Scanner (WVS) version will be prompted to install an update next time they start Acunetix WVS. Older version users with upgrade entitlement can also get the latest build of Acunetix WVS by downloading it from here and installing it over the current system (backup recommended).

If you don’t have Acunetix, Alliance offers the Acunetix licensing and Acunetix training.

 

 

Acunetix Training – Introduction to Web Vulnerability Scanning Strategies with Acunetix

Alliance has been an Acunetix partner for 7 years and now offers Acunetix Training Courses.  We have found that many Acunetix users never learn how to use Acunetix to it’s fullest extent.   With all the highly publicized security breaches around the country, we have decided that helping our clients protect their data is our top priority.  Our clients include the United States Government, State and Local Governments, Security Consulting Firms, and Fortune 1000 organizations.

Our Basic Training course is a 3 hour course given by our two senior security engineers.  It is delivered via the web.  It is highly interactive and tailored to the users’ experience level and particular needs.  Our security engineers are trained directly by Acunetix and work with Acunetix on a consistent basis.   This is a dedicated training for our clients who can invite up to 5 users.

The Introductory course covers the following areas:

  • Overview of Acunetix and Web Vulnerability Scanning
  • Scan Settings
  • Scanning/Crawling Options
  • Login Sequence Recorder
  • HTTP Editor
  • HTTP Sniffer
  • Site Crawler
  • HTTP Fuzzer
  • Authentication Tester
  • Compare Results Tool
  • Target and Domain Finder
  • Web Services Scanner/Editor
  • Scheduler
  • Reporter
  • OWASP
  • New Features in WVS 9.5

A certificate of completion is issued after the completion of the course.

Alliance Logo Transparent

Acunetix Reseller, Acunetix Partner,  Acunetix Training

Acunetix Reseller, Acunetix Partner, Acunetix Training

 

 

SQL Injection Flaws on Web Sites leads to Biggest Data Breach in History

A Russian Cyber Gang, Dubbed CyberVors by Hold Security (who identified the data breach), have stolen over 4.5 Billion Records, mostly containing user credentials from over 420,000 Web and FTP sites.  This represents the largest known data breach in history with dire implications. The CyberVors accomplished this gaining control of a botnet network (a large group of virus-infected computers controlled by 1 criminal system) which they used to identify SQL vulnerabilities on the sites they visited.

How you to protect yourself and your company.

Individuals – Change your credentials using strong passwords.  See this PC Magazine article for some best practices – Creating Strong Passwords

Companies – Check your web site(s) for vulnerabilities.  The CyberVors found sites vulnerable to  SQL Injection.  SQL Injection is one of the most common vulnerabilities found on web sites.   Alliance Technology Partners specializes in Web Security and is the Acunetix Preferred Partner.  We sell, train, and consult IT and Security professionals on how to use Acunetix.  We have the only security engineers directly trained by Acunetix in the US.  We also offer Our Pen Testing and Audit Services.

About Alliance Technology Partners Alliance is IT Solution provider based in St. Louis that specializes in web security.  We help Fortune 1000 and the Government (Federal, State, and Local) secure their web sites.  We offer Web Vulnerability Software (Acunetix) as well as our expertise to assist our clients in their mission to secure their networks.  We offer training and ongoing consulting options.

Tesimonial from Alliance/Acunetix Event

This is a testimonial from Mark Murdock of Lantern Secure Solutions, who also works with Alliance Technology Partners.   He and Chris Martin, from Acunetix, discuss why Mark uses the Acunetix Web Vulnerability Scanner over other products.

From a security standpoint, Mark needed a tool that covers a full range of features to meet his clients’ needs. While Open Source tools are useful, they can be time consuming, are not as user friendly, and are not consistently updated. Mark chose to use Acunetix with is his clients because it is an easily configurable tool that can be used in a variety of ways. Not only is Acunetix the best value on the market, but they are continually improving their product keeping it up to date with the latest technologies. Mark also chose to use Acunetix over other tools because it has all the features and configurability that Lantern Secure Solutions needs serve their clients. One valuable feature Mark likes about Acunetix is the use of authenticated scanning.