Post on 25-Dec-2015

Is Your Website Hackable? Check with Acunetix Web Vulnerability Scanner.

Acunetix Web Vulnerability Scanner

Combatting the Web Vulnerability Threat www.acunetix.com

Company Overview

• Founded 2004

• Pioneer in Web Application Security

• Unique Technology - AcuSensor

• OWASP Member

• Award Winning Software

• Fortune 500 Customers

• License Holder of IBM Patent

• Patent # 6,584,569

Government Customers

NASA, FAA, US Coast Guard, US Department of Energy, National Weather Service, Queensland Government, US Geological Survey, Saudi Food & Drug Authority, WHO, South Yorkshire Police, National Health Service UK

Military Customers

US Air Force, US Army, The Pentagon, Korean People’s Army Air Force, Taiwan Ministry of National Defense, Norwegian Armed Forces

IT & Telecom Customers

Samsung, Panasonic, British Telecom, Nokia, Fujitsu, Turk Telecom, Siemens, T-Mobile, Telstra, France Telecom, Skype, Telefonica

Financial Customers

PricewaterhouseCoopers, HSBC, Credit Suisse, Deloitte, Bank of China, ING, Barclays Bank, Deutsche Bank, American Express

Educational Customers

Penn State University, Columbia University Medical Center, The University of Adelaide, The Hong Kong Polytechnic University, Potsdam University, The Ohio State University, University of Reading, American Naval War College, Victoria University

Other Clients

Adidas, Hilton, Air New Zealand, Sony, Nikon, Carrefour, CERN, Danone, Qatar Airways, AXA, Canon, Betfair, Travelex, Avis, Lonely Planet

Why Web Application Security?

• Hackers concentrating on web applications

– Shopping carts and login pages at risk

• Web apps are publicly available 24/7

• Web apps are often custom made and therefore less tested

• Firewalls/network level defense provide no protection!

You must audit your web applications!

Why Hackers Hack

• Gain access to sensitive data (credit card data)

• Run phishing sites

• Run botnets

• Distribute illegal content

• Improve ranking

The Cost of Being Hacked

• Loss of customer confidence and thus revenue

• Loss of ability to accept VISA, MC, AMEX and PayPal

• Significant website downtime

• Cost of rebuilding website and server

• Loss of customer data can result in court cases

Famous Website Hacks

• 11th April 2011 – Barracuda Networks

– SQL injection vulnerability despite web app firewall

• 27th March 2011 – MySQL.com

– SQL injection attack

• 4th July 2010 – YouTube hacked

– Cross-Site Scripting (XSS) vulnerability

• 6th February 2010 – Kaspersky

– SQL injection vulnerability

www.acunetix.com/blog

Why Choose Acunetix Web Vulnerability Scanner?

Key Features and Unique Selling Points

Industry Leading Crawler

• State-of-the-art crawler technology

• Client Script Analyzer (CSA)

• Good crawler reduces false positives

• Web 2.0, JavaScript, JQuery and Ajax supported with CSA engine

• Detection of custom 404

• Able to traverse login areas using the log on recorder

• Can handle CAPTCHA forms

• Supports single sign-on and security token mechanisms

• Understands scope of page and can act accordingly

• AcuSensor technology can find unlinked files too and can deal with URL rewriting rules

Acunetix AcuSensor Technology

• Combines black box scanning & source code analysis

• Analyzes code whilst it is executed!

• Detection of more vulnerabilities

• Fewer false positives

• Find configuration issues in the web server or run time environment

AcuSensor Reports Advanced Debug Information

Reports the SQL query vulnerable to SQL injection, the POST variable and the stack trace

Indicates where in your code the vulnerability is

Lower False Positives

• Includes advanced techniques to verify vulnerabilities

• Analyzes response and fine-tunes attack

• AcuSensor does not rely on application feedback only

• Analyzes what app does during execution

Saves security officers and developers time!

Results in significantly lower false positives

Advanced SQL Injection

• Best in class SQL Injection Detection

• Comparative review confirmed that Acunetix detected many more SQL Injection vulnerabilities than other scanners

• Can do Blind SQL Injection checking

• AcuSensor checks all SQL statements, including SQL INSERT

Advanced Cross-Site Scripting

• Detects more Cross-Site Scripting (XSS) vulnerabilities

• Analyzes if characters are encoded or filtered

• Adapts analysis based on application response

• Uses a heuristic approach that focuses on hacking methods

• Does not launch fire-and-forget checks, as other scanners do

User Friendly Interface

All tools integrated in a single, easy to use GUI

Easy Configuration, Little Tuning

• Custom 404 detection

• Automatic detection of technologies used (PHP, ASP etc.)

• Point-and-click configuration of authenticated areas

• Easily configure how to traverse CAPTCHAs

• Manually scan a page and submit it to the scanner for analysis

Advanced Penetration Testing Tools

• Includes advanced penetration testing tools:

– HTTP Editor

– HTTP Sniffer

– HTTP Fuzzer

– Authentication Tester

– Blind SQL Injector

Powerful Reporting

• For developers, managers or compliance

• Legal and compliance reports

– PCI

– HIPAA

– Sarbanes-Oxley

• Security standards

– OWASP Top 10

– CWE / SANS Top 25

– DISA

– NIST

– Web Application Security Consortium

Detailed Vulnerability Fixing Suggestions

• Includes detailed vulnerability fixing suggestions:

– Detailed description

– Links to articles

Competitive Pricing

• Competitively priced

• Starting from only €995

• Available in 5 editions:

– Small Business Edition: 1 nominated Website

– Enterprise Edition: Unlimited Websites

– Enterprise Edition x10 Instances: Unlimited Websites

– Consultant Edition: Unlimited Websites

– Consultant Edition x10 Instances: Unlimited Websites

http://www.acunetix.com/ordering/pricing.htm

Thank You

Acunetix Blog

http://www.acunetix.com/blog

Acunetix Facebook Page

http://www.facebook.com/Acunetix

List of Checks Run by Acunetix WVS

http://www.acunetix.com/support/vulnerability-checks.htm

www.Acunetix.com
