Archive for category: Blog

Protect Web Assets With Netsparker and Proof-Based Scanning™

Protect Web Assets With Netsparker and Proof-Based Scanning™

/in /by

Protect Web Assets With Netsparker and Proof-Based Scanning™

How confident are you in your web application security?

Security vulnerabilities can leave you open to unauthorized users accessing your web application and the information it holds. This data is the foundation of your operational consistency, and any threats need to be minimized – or eliminated.

Too often, executives believe existing network security measures cover more than they actually do, complicating the full security picture and widening the gap between security and where vulnerabilities are. The last thing you need is to be kept up at night worrying about security issues, and Netsparker has you covered.

What is Netsparker?

Securing web-based assets adds a layer of complexity to your security protocols because some security measures, like antivirus software, are ineffective at protecting web assets. It would be best if you had a solution you can trust to deliver accurate scanning results, leveraging leading-edge technology to protect web assets, automate and integrate with your systems, and identify and eliminate security issues at the earliest moment possible.

Automated security vulnerability assessments with Netsparker’s Proof-Based Scanning™ prioritize solutions and proactivity over resource-intensive reactivity mindsets. Once assets are identified for scanning, Netsparker’s Proof-Based Scanning™ reports vulnerabilities and delivers unparalleled accuracy – zero false positives or skipped processes, like those requiring authentication.

How Can You Benefit from Netsparker?

Automate your web security

Automatically discover your assets based on IP addresses and domains, automatically crawl and scan legacy and modern web applications, like HTML5, Web 2.0, Single Page Applications, and password-protected applications. Vulnerabilities are identified and automatically prioritized. Automation is key!

Scale as you grow

Netsparker scales with the scope of your security needs, safely discovering and exploiting vulnerabilities to provide detailed, clear, and concise reporting.

Improve efficiency

As a vulnerability management solution, Netsparker integrates with issue trackers like Azure DevOps and Jira so you can assess, fix, and re-test your web applications without duplicated efforts or costs. Issues can also be automatically assigned to a developer, including issue and update notifications.

Compliance

Transparency is crucial, and Netsparker’s customizable compliance reports include ISO 27001, PCI DSS, and HIPAA, and offers third-party validation.

Where is the Proof?

The automation and accuracy rate of Netsparker Proof-Based Scanning™ are the innovations so desperately needed by modern businesses relying on sophisticated IT systems. Dashboards and detailed reports are just the start of how Netsparker can revolutionize your web application security.

Regardless of the number of web applications you manage, websites you have, or the volume of information you secure, Netsparker seamlessly integrates security for your web application.

Why Netsparker?

The only solution available that provides security in an integrated package with efficiency, accuracy and delivers peace of mind, Netsparker’s Proof-Based Scanning™ is for you.

As an enterprise of your size, there’s a lot to keep track of when it comes to your organization’s cybersecurity. You operate a complex web environment, incorporating websites, applications, and APIs.

Develop Confident Enterprise Web Environment Security With Acunetix

/in /by

Develop Confident Enterprise Web Environment Security With Acunetix

As an enterprise of your size, there’s a lot to keep track of when it comes to your organization’s cybersecurity. You operate a complex web environment, incorporating websites, applications, and APIs.

It takes a lot to protect it all — firewalls, antivirus, backups, staff training, and on and on.

Given the degree of complexity you’re dealing with, it’s important to ask the question: are you sure your web environment is secure?

After all, 30,000 websites are hacked on a daily basis. That’s why you need to know whether your websites, web apps, and APIs are secure — Acunetix will help you find out.

What Is Acunetix?

Acunetix is an automated web application security testing tool.

The primary Acunetix offerings are Acunetix 360 and Acunetix Premium, which the Alliance team uses to protect our enterprise-level clients’ web environments. These are the industry-leading web vulnerability solutions, which allow us to determine whether our clients’ web environments are properly secured, or putting them at risk.

How Can You Benefit From Acunetix Solutions?

These robust solutions provide a range of features to help test and verify web environment security for enterprise organizations like yours:

  • Extensive Scanning: No matter how complex your online environment is, Acunetix will hunt for over 6,500 distinct vulnerabilities from SQL injections to weak passwords and more.
  • Convenient Automation: Acunetix is fully automated, meaning no one on your staff needs to babysit it or lose time monitoring it. Scans can be scheduled on a regular basis, and automatic scans are performed as your website is developed.
  • Fast Results: Acunetix is designed to work quickly and simply — you get clear and detailed results from lightning-fast scans, allowing you to learn what you need to know, then get back to your work.

Using Acunetix solutions, we’ll give you confidence in your web environment security with Acunetix 360 and Acunetix Premium.

Released: Acunetix Version 13 build 13.0.200508159

/in , , /by

This new build introduces the Business Logic Recorder (BLR), which allows the user to record logic implemented in multi-step web forms. The Acunetix scanner will go through the multi-step form and will be able to attack each step in the form.  In addition, vulnerabilities can now be sent to Citrix WAF for virtual patching or the Azure DevOps Services issue tracker for further follow-up by the team.  Most vulnerabilities have been updated to include a CVSS 3.1 score.

This update adds a good number of important vulnerability checks and includes various updates and fixes, which are available for all editions of Acunetix.

Find further information on the full set of new features, vulnerability checks, updates, fixes and how to upgrade to the latest build.

 

Alliance Technology Partners is the US Government Distributor for Acunetix.  Call 888-891-8885 option 3 for Acunetix license information,and pre-sales technical questions.

Acunetix Authorized Government Resellers.

Acunetix Version 13 Released!

/in , /by

Acunetix Version 13 (build 13.0.200205121 – Windows and Linux) 5th February 2020 – Acunetix Pricing 

New Features in Acunetix Version 13

  • New Acunetix web UI
  • Network Scanner integration (Improved)
  • Malware Detection using Windows Defender on Windows & ClamAv on Linux
  • Smart Scan
  • New scanning algorithm prioritises scanning tasks and reduces scanning time
  • Proof of exploit is reported in the vulnerability alerts
  • Incremental Scans
  • Vulnerability Confidence Rating for web vulnerabilities
  • Brand New GitLab Issue Tracker Integration
  • Brand New Bugzilla Issue Tracker Integration
  • Brand New Mantis Issue Tracker Integration
  • Ability to create Login Sequence from Selenium script
  • New WADL import file
  • New ASP.NET Webforms import file
  • New Postman import file
  • New Paros import file
  • Ability to create custom checks
  • Highlighting of vulnerability in HTTP response
  • DeepScan provides better support for Angular 2, Vue and React JavaScript Frameworks
  • Unlimited network scanning for Acunetix Premium customers
  • Account Session Timeout settings
  • Account Maximum Consecutive Login Failure settings

New Vulnerability Checks in Acunetix 13

Updates

  • Improved memory consumption for the scanner
  • PDF reports now have page numbers
  • Generic User-agent will be used for communication with issue trackers
  • All lists in Acunetix UI can be sorted
  • Easier filtering options in the Acunetix UI
  • Settings can now be accessed from the side-bar
  • Links discovered by AcuSensor are given more prominence
  • Improved processing of XML and JSON POST input schemes
  • Scanner will try to replay the LSR playback actions a number of times before failing
  • Improved Auto-Login
  • Multiple updates in the Login Sequence Recorder
  • Developer report updated to include Source file, line number and other details provided by AcuSensor
  • Acunetix now supports scanning domains with international characters
  • Increase page size limit to 20Mb in scanner and LSR
  • Improved detection of Possible Sensitive Files
  • Improved detection of email addresses
  • Improved detection of Command Injection
  • Improved detection of database backup files
  • Improved detection of XXE

Fixes

  • Fixed issue in Developer report showing incorrect parameter name for detected vulnerabilities
  • Fixed: “Tester” user role will not be able to create reports
  • upgrades on Linux were not removing all files from previous installation
  • Fixed issue with Manual Intervention
  • Fixed: Session cookies where not always collected by LSR
  • Fixed: Incorrect processing of URLs with “{” character
  • Fixed a number of crashes in scanner
  • Fixed issue causing scanner proxy to unintentionally transform parts of the HTTP request
  • Fixed false positive in the detection of Apache Tomcat Remote Code Execution
  • Fixed issues causing some links not to be properly imported by the importer
  • Fixed issue with license activation when proxy and authentication is used
  • Fixed issue causing session to get lost when Deepscan is used