Posts

Improvements to Acunetix Web Vulnerability Scanner 10

Technology is quickly changing the way more and more businesses run. Advancements in browser technology and the spread of cloud computing are making web services and applications the core elements of most companies. These advancements are improving business with better efficiency and productivity, but at the same time they are opening businesses up to online hackers.

Since more than 70% of websites and applications contain vulnerabilities that can make sensitive data easy to steal, it is critical that businesses use tools like the Acunetix Web Vulnerability Scanner for security against cyber-crimes. The latest version, Acunetix 10, has been released and contains major upgrades. Below we discuss the ways that Acunetix 10 improves on the previous versions of the trusted web vulnerability scanner you have come to rely on.

 

Re-Engineered ‘Login Sequence Recorder’ for Acunetix 10 

Experts have re-engineered the ‘Login Sequence Recorder’ from the ground up, which allows restricted areas to be scanned entirely automatically, giving you better peace of mind. Restricted areas, such as pages behind a user login, are generally harder for a scanner to access and would otherwise need manual direction. The Acunetix 10 ‘Login Sequence Recorder’ has been significantly improved so that it can automatically scan web applications that use OAuth-based authentication and Single Sign-On (SSO). The ‘Login Sequence Recorder’ also shows extreme improvements in its support for the nonces, anti-CSRF tokens and one-time tokens that are used in restricted areas.

 

Better WordPress Vulnerability Detection 

With over 74 million WordPress sites up and running, a single vulnerability in WordPress Core or a plugin is all it takes to attack millions of individual sites. Acunetix Version 10 now tests for more than 1200 vulnerabilities that are specific to WordPress, based on the most commonly downloaded plugins. It retains the ability to detect vulnerabilities in custom-built plugins, and no other scanner on the market can detect such a high number of possible WordPress weaknesses.

 

Improved Support for A Variety of Web Services and Development Architectures 

Many mission-critical, enterprise-grade applications are built on Ruby on Rails and Java. Acunetix Version 10 has been constructed to crawl and scan web applications built using these technologies with extreme accuracy. Specific improvements are seen for SOAP-based web services with WCF and WSDL descriptions, along with automated scans of RESTful web services that use WADL definitions. Version 10 additionally uses dynamic crawl pre-seeding through integration with external third-party tools, including Burp Suite, Fiddler and the Selenium IDE. This enhances business logic testing and the workflow between automated and manual testing.

 

Acunetix 10 Detects Malware and Phishing URLs 

Acunetix Version 10 ships with a malware URL detection service, which checks every external link found during a scan against a constantly updated database of malware and phishing URLs. This Malware Detection Service uses the Google and Yandex Safe Browsing databases.

 

Contact us today if you have any questions about updating to Acunetix 10! It is the best decision you will make for the online security of your business.

Reduce Web Vulnerability Scan Times

Business applications and websites are routinely attacked and face a number of threats from hackers looking to steal sensitive information. Luckily, we have the capabilities to ensure that your business website is secure and free of flaws that could be used by online criminals to infiltrate the system. This is done by running web vulnerability scans. The amount of time a scan takes is very important: if your vulnerability scan times are slow, it leaves you more vulnerable to a security breach. All it takes is one successful digital break-in for a cyber-criminal to access all your sensitive data.

 

Web Vulnerability Scan Times

A good response time is anything under 0.2 second, and a response time over 0.3 second is considered dangerously large, causing scans to take an excessively long time to complete. One of the most common reasons for slow vulnerability scanning times is the response time between the scanner and the target application or website. Of course, there are many things that can lead to a high response time and lengthen the time it takes to complete your vulnerability scan. Here we discuss ways to reduce web vulnerability scan times.
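A pre-scan latency check built on the thresholds above, as an added example that is not part of the original post or of Acunetix. The function names are hypothetical, the "borderline" label for the 0.2 to 0.3 second band and the requests-divided-by-concurrency duration model are assumptions, and the sample timings are constructed.

```python
"""Pre-scan latency check using the post's 0.2 s / 0.3 s thresholds."""
import statistics
import time
import urllib.request

GOOD_BELOW = 0.2   # seconds: "good" response time per the post
SLOW_ABOVE = 0.3   # seconds: "dangerously large" per the post


def probe(url, count=10, timeout=5.0):
    """Time `count` sequential GET requests; return seconds per request."""
    samples = []
    for _ in range(count):
        start = time.perf_counter()
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            resp.read()  # include body transfer, as a scanner would
        samples.append(time.perf_counter() - start)
    return samples


def classify(seconds):
    """Map one response time onto the post's thresholds."""
    if seconds < GOOD_BELOW:
        return "good"
    if seconds > SLOW_ABOVE:
        return "slow"
    return "borderline"  # assumption: the post does not name this band


def estimate_scan_minutes(median, requests, concurrency):
    """Assumed rough model: total requests x median latency / parallelism."""
    return round(requests * median / concurrency / 60, 1)


def summarize(samples, requests=100_000, concurrency=10):
    """Judge a target by its median and project the scan duration."""
    median = statistics.median(samples)
    slow = sum(1 for s in samples if s > SLOW_ABOVE)
    return {"verdict": classify(median),
            "slow_fraction": round(slow / len(samples), 2),
            "est_minutes": estimate_scan_minutes(median, requests, concurrency)}


if __name__ == "__main__":
    # Constructed timings standing in for probe("<target URL>") output
    constructed = [0.12, 0.15, 0.11, 0.41, 0.13, 0.14, 0.12, 0.16, 0.13, 0.38]
    print(summarize(constructed))
```

Running `probe` from more than one network location separates a slow target from a slow path between the scanner and the target.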

 

Web Server Performance

Your web server simply might not be performing at its full potential, slowing down the scanning process. Start by looking at items like your hard disk access, CPU, memory, etc. Often this type of issue is solved after you upgrade your server. Be sure you’re upgrading to something that is able to meet the needs of your business, and don’t settle for less.

 

Firewall Problems

A slow scan time could be caused by your Intrusion Detection System, Web Application Firewall or network firewall. Make sure that your antivirus software is up to date. Firewalls are notorious for causing very long site response times.

 

Database Performance

Once you know that your web server is not slowing you down, consider the database. Slow response times may be solved once the database has been cleaned up and optimized. By doing these simple tasks, your system has fewer queries to go through every time a response is requested.

 

Bandwidth and Network Performance

When the network is busy, everything slows down. Your server might be in the middle of a bottleneck, and that will certainly affect your scan time. Try testing your server from several different locations to confirm this; then you can work on a resolution.

 

Seek Outside Assistance

You may try all of these tactics and still get slow response times. Seek outside assistance so you can customize your web vulnerability scan with the Acunetix Web Scanner Tool. Sometimes the whole website does not require scanning, and the scans can instead be divided into smaller segments. Acunetix Web Scanner Tool has several filtering options available to reduce web vulnerability scan times.

To learn more about reducing your scan time, contact us today. Our Acunetix trained engineers will be happy to assist you.

How Web Scanning Can Help With Web Security Pitfalls

The Internet is a vast place, full of intrigue and wonder – but also chock full of risk. More than 70 percent of all websites have vulnerabilities that could put your business at risk. More than 20 percent of those vulnerabilities are classified as critical, which means they have the potential to bring business operations to a screeching halt.

The Five Most Common and Significant Web Security Pitfalls, according to the Open Web Application Security Project (OWASP):

Injection – Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

Broken Authentication and Session Management – Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.

Cross-Site Scripting (XSS) – XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser, which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

Insecure Direct Object References – A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.

Security Misconfiguration – Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.
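Two of the pitfalls above, Injection and Insecure Direct Object References, shown as vulnerable code beside its hardened form. This is an added example, not part of the original post: the `invoices` table, its rows and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, amount REAL)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                     [(1, "alice", 120.0), (2, "bob", 75.5), (3, "alice", 19.9)])
    return conn


def invoices_for_unsafe(conn, owner):
    """VULNERABLE (injection): untrusted input becomes part of the SQL text."""
    sql = "SELECT id FROM invoices WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def invoices_for_safe(conn, owner):
    """Hardened: the value is bound as a parameter and never parsed as SQL."""
    sql = "SELECT id FROM invoices WHERE owner = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (owner,))]


def get_invoice_unchecked(conn, invoice_id):
    """VULNERABLE (direct object reference): any caller can read any id."""
    return conn.execute("SELECT owner, amount FROM invoices WHERE id = ?",
                        (invoice_id,)).fetchone()


def get_invoice_checked(conn, invoice_id, current_user):
    """Hardened: the access control check is part of the lookup itself."""
    return conn.execute(
        "SELECT owner, amount FROM invoices WHERE id = ? AND owner = ?",
        (invoice_id, current_user)).fetchone()


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input that alters the query structure
    print(invoices_for_unsafe(db, hostile))      # every row is returned
    print(invoices_for_safe(db, hostile))        # treated as a literal name
    print(get_invoice_unchecked(db, 2))          # no identity required
    print(get_invoice_checked(db, 2, "alice"))   # alice does not own invoice 2
```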

With the threat landscape continually evolving, it’s important to take steps to prevent would-be attacks and protect sensitive data.

Web Vulnerability Scanning is a method that uses tools to automatically scan web applications for known security vulnerabilities and deliver a report on the findings. The scans can be scheduled to run when it’s convenient and reports are broken down in a way that is easy to understand, thus enabling you to protect your business more effectively.