Tag Archive for: Acunetix

Posts

Gartner recognizes Acunetix as a Challenger for Application Security Testing in 2015

/in , , , /by

Gartner recognizes Acunetix as a Challenger

Acunetix Receives 2nd highest product score for Manual Web Penetration Testing in Gartner’s 2015 Critical Capabilities for Application Security Testing Report

Gartner, Inc., the leading provider of research and analysis on the global information technology industry, has recognized Acunetix as a challenger, assigning Acunetix Web Vulnerability Scanner a score of 4.36 out of 5.0 in the Manual Web Penetration Testing Use Case, in Gartner’s most recent Critical Capabilities for Application Security Testing Report.

Read More

 

SecureWorld St. Louis 2015

/in , , /by

IMG_0332

We had a great time speaking with everyone who stopped by our booth at SecureWorld on Sept. 22nd & 23rd.

Alliance and Acunetix were highly visible at the show due to our unique value proposition. Acunetix offers the best web application vulnerability scanner on the market and Alliance trains Acunetix users how to apply industry best practices and take full advantage of the solution.

If you were unable to come see us, it’s okay! We’re still available to answer your questions and resolve security issues dragging down efficiency, security, and revenue.

 

The Importance of an Authenticated Network Security Scan

/in /by

Authenticated network security scans are tests for vulnerabilities that are performed as an authenticated or logged-in user. Authenticated scans happen from a computer that is logged in normally to a network with extra software installed, or from a machine that is designated for the task and given login credentials. These procedures can determine how secure a network is from the interior point of view. Running an authenticated network security scan can provide users with a wealth of information, and here we explore how that is important to a business.

 

Detect Insider Threats

An insider threat is a malicious hacker who is an officer or employee of a business. Sometimes it is an outside individual who pretends to be an employee by obtaining false credentials. The insider threat’s goal is to gain access to the networks or computer systems of the business, then use found data to maliciously harm the company. Authenticated network security scans limit the damage these insider threats can do.

 

Find Vulnerabilities 

Authenticated scans can find vulnerabilities that are not detected with an unauthenticated scan. These scans can reveal weak share permissions, missing patches and general overall misconfigurations. Many companies skip running an authenticated scan, but it is the best way to see exactly where things stand for your network.

 

Prepare for Information Overload

Businesses must be prepared to deal with how authenticated network scans can give you an overload of information, which can be a problem if the individual reading reports is not skilled in IT speak. If they see a lot of “critical” or high level flaws, they can make managers and internal auditors jumpy when they don’t truly know what they are reading. A managed service provider can help your company interpret results of an authenticated network scan.

 

Set Aside Time for a Scan

Running authentication network security scans can take up to two to three times longer to implement than unauthenticated scans. The more network hosts you have, the more time it will take. You also need time to analyze the scanner results and to report them since they are much bigger than unauthenticated scans. Be prepared and have a significant chunk time set aside.

 

Scan with Several User Role Levels

To get the most accurate authenticated network security scan it is best from the views of different levels of privilege, such as a standard domain user with limited access and a domain or local administrator. It is also recommended to scan at the highest level possible. By scanning as an administrator or a role that is equivalent to that level you will get the most insight into your company’s network security vulnerabilities.

 

Contact us today if you have any questions about running an authenticated network security scan for your business. Our highly qualified team is here to help.

How Web Scanning Can Help With Web Security Pitfalls

/in , /by

The Internet is a vast place, full of intrigue and wonder – but also chock full of risk. More than 70 percent of all websites have vulnerabilities that could put your business at risk. More than 20 percent of those vulnerabilities are classified as critical, which has the potential to bring business operations to a screeching halt.

The Five Most Common and Significant Web Security Pitfalls, according to the Open Web Application Security Project (OWASP):

Injection – Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

Broken Authentication and Session Management – Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.

Cross-Site Scripting (XSS) – XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser, which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

Insecure Direct Object References – A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.

Security Misconfiguration – Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.

With the threat landscape continually evolving, it’s important to take steps to prevent would-be attacks and protect sensitive data.

Web Vulnerability Scanning is a method that uses tools to automatically scan web applications for known security vulnerabilities and deliver a report on the findings. The scans can be scheduled to run when it’s convenient and reports are broken down in a way that is easy to understand, thus enabling you to protect your business more effectively.