Directories

Web applications: a chink in your armour?

2006-07-13

Secure your web applications against SQL injection, XSS and other vulnerabilities with Acunetix WVS 4.0

London, UK - 13 July, 2006 - Acunetix, a leading web security software company, today announced the release of Acunetix Web Vulnerability Scanner version 4. This latest version provides a more comprehensive solution for enterprises wanting to detect exploitable website and web application vulnerabilities such as SQL Injection and Cross Site Scripting.

"This release comes at a time when hackers are launching more aggressive attacks on web applications. Some hackers have successfully compromised the websites of large companies such as Microsoft and Paypal and even accessed very personal and highly sensitive data of thousands of victims through government websites." says Nick Galea, CEO of Acunetix."

Acunetix Web Vulnerability Scanner provides protection by automatically auditing the security of websites. The software crawls an entire website, launches several web attacks (SQL Injection, Cross Site Scripting, Google hacking, etc.) and identifies vulnerabilities that need to be fixed, while proposing recommendations.

Web Applications: a hacker's backdoor entry to sensitive information

"Increasingly, businesses are becoming aware of the importance of securing websites to prevent hackers from gaining access to sensitive customer data, through poorly designed web applications. These web applications are prone to attack because they are accessible 24x7 and receive/deliver content directly from databases containing the data," reports Galea. "Standard network security provides no protection against web application attacks since these are launched on port 80 which has to remain open to allow regular operation of the business," he adds.

Chinks in the Armour

78% of financial services institutions (including banks, insurers and investment professionals) were attacked by hackers in the past year, according to Deloitte's annual 2006 Global Security Survey. This is in stark contrast with only 26% reported in 2005.

* In June this year, an unknown number of PayPal users were tricked into giving away social security numbers, credit card details and other highly sensitive personal information. Hackers deceived their victims by injecting and running malicious code on the genuine PayPal website by using the Cross Site Scripting technique.
* Security researcher, Yash Kadakia, announced that Cross Site Scripting and CRLF (Carriage Return Line Feed) injection vulnerabilities found in MSN and Amazon sites could be used by hackers to gain access to Amazon.com and MSN accounts, or to display a fake login page for use in phishing attacks.

"The dramatic rise in web application hacks is denting online purchasing confidence and causing irreversible damage to businesses," remarks Galea. "That is why we are offering free security audits to any business with an online presence."

Acunetix WVS: New Features
The new Acunetix Web Vulnerability Scanner broadens the scope of vulnerability scanning by introducing advanced and highly rigorous heuristic technologies to tackle the complexities of today's web-based environments.

Javascript / AJAX application security scanning
Version 4 now adds the ability to check AJAX applications for security vulnerabilities. AJAX applications offer tremendous possibilities for extending the use of web applications, however they also require more stringent security checks. Acunetix WVS 4 now includes the industry's most advanced JavaScript analyzer to help companies keep their AJAX applications secure.


Scans for Javascript and AJAX applications

Other new features include: Command Line Support, URL Rewrites, Custom Cookies Support and Enhanced Search, Scheduling, Logging and Reporting

Acunetix provides free audit to help companies determine the security of their websites
Enterprises who would like to have their website security checked can register for a free audit by visiting www.acunetix.com/security-audit. Participating enterprises will receive a summary audit report showing whether their website is secure or not. Summary reports will be delivered within five business days of submission.

Pricing & Availability
Acunetix WVS is available as an enterprise or as a consultant version. A perpetual license to scan 1 website can be purchased for as little as $1,495, whereas a perpetual license to scan an unlimited amount of websites costs $4,995. For more information visit: http://www.acunetix.com/ordering/pricing.htm.

About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

Related Downloads

Maui Security Scanner 2.52.42

Maui is a automated next-generation web application vulnerability scanner.

Able to quickly scan and analyze large complex web sites/applications, Maui identifies application vulnerabilities ( e.g. Cross Site Scripting (XSS), SQL injection,...

Netsparker Community Edition 1.3.7.5

Netsparker can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on. Netsparker's unique detection and exploitation techniques...

Acunetix Web Vulnerability Scanner FREE 6.0

Audit your website security with Acunetix Web Vulnerability Scanner As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are...

Acunetix Web Vulnerability Scanner 8.0 Build 20120

Acunetix Web Vulnerability Scanner first identifies web servers from a particular IP or IP range. After that, it crawls the whole site, gathering information about every file it finds, and displaying the entire website structure. After this...

Cloud Penetrator 12.5.5

Cloud Penetrator - Online Web Vulnerability Scanning - SQL Injection Cross Site Scripting.SecPoint delivers the best online vulnerability scanning service. Prevent Hackers from hacking your web servers and stealing sensitive information! Website...

KayRa 0.2a

KayRa was designed to be a Web Application Auditing Tool that tests the security of your Web Site.

On a basic level of operation, KayRa will grab a specified page from a specified site and test it for the following:
- Invalid Form...

NoSpyZone Security Center 2.5

NoSpyZone Security Center is a simple way for you to manage your computer security... Set it up and forget about it. The NoSpyZone Security Center is a FREE utility that will keep your virus scanner, spy detector, adware scanner, rootkit scanner,...

Dragonsoft Vulnerability Management

Dragonsoft Vulnerability Management 4.3

DragonSoft Vulnerability Management(DVM) is designed for mid to large corporate's optimal network security vulnerability management solution. The Security Scanner and Vulnerability Risk Management are DVM's two major features, making DVM a...

D-Guard Web Application Firewall Basic 2.79

Online Web-based applications are increasingly at risk from professional hackers who target such applications in order to commit data theft or fraud. The D-Guard Web Application Firewall is a powerful security tool for Web applications and Web...

D-Guard Web Application Firewall Gateway 2.79

Online Web-based applications are increasingly at risk from professional hackers who target such applications in order to commit data theft or fraud. The D-Guard Web Application Firewall is a powerful security tool for Web applications and Web...