Is Your Website Hackable? Check with Acunetix Web Vulnerability Scanner.
Acunetix Web Vulnerability Scanner
Combatting the Web Vulnerability Threat www.acunetix.com
Company Overview
• Founded 2004
• Pioneer in Web Application Security
• Unique Technology - AcuSensor
• OWASP Member
• Award Winning Software
• Fortune 500 Customers
• License Holder of IBM Patent
• Patent # 6,584,569
Government Customers
NASA, FAA, US Coast Guard, US Department of Energy, National Weather Service, Queensland Government, US Geological Survey, Saudi Food & Drug Authority, WHO, South Yorkshire Police, National Health Service UK
Military Customers
US Air Force, US Army, The Pentagon, Korean People’s Army Air Force, Taiwan Ministry of National Defense, Norwegian Armed Forces
IT & Telecom Customers
Samsung, Panasonic, British Telecom, Nokia, Fujitsu, Turk Telecom, Siemens, T-Mobile, Telstra, France Telecom, Skype, Telefonica
Financial Customers
PricewaterhouseCoopers, HSBC, Credit Suisse, Deloitte, Bank of China, ING, Barclays Bank, Deutsche Bank, American Express
Educational Customers
Penn State University, Columbia University Medical Center, The University of Adelaide, The Hong Kong Polytechnic University, Potsdam University, The Ohio State University, University of Reading, American Naval War College, Victoria University
Other Clients
Adidas, Hilton, Air New Zealand, Sony, Nikon, Carrefour, CERN, Danone, Qatar Airways, AXA, Canon, Betfair, Travelex, Avis, Lonely Planet
Why Web Application Security?
• Hackers concentrating on web applications
– Shopping carts and login pages at risk
• Web apps are publicly available 24/7
• Web apps are often custom made and therefore less tested
• Firewalls/network level defense provide no protection!
You must audit your web applications!
Why Hackers Hack
• Gain access to sensitive data (credit card data)
• Run phishing sites
• Run botnets
• Distribute illegal content
• Improve ranking
The Cost of Being Hacked
• Loss of customer confidence and thus revenue
• Loss of ability to accept VISA, MC, AMEX and PayPal
• Significant website downtime
• Cost of rebuilding website and server
• Loss of customer data can result in court cases
Famous Website Hacks
• 11th April 2011 – Barracuda Networks
– SQL injection vulnerability despite web app firewall
• 27th March 2011 – MySQL.com
– SQL injection attack
• 4th July 2010 – YouTube hacked
– Cross-Site Scripting (XSS) vulnerability
• 6th February 2010 – Kaspersky
– SQL injection vulnerability
www.acunetix.com/blog
Why Choose Acunetix Web Vulnerability Scanner?
Key Features and Unique Selling Points
Industry Leading Crawler
• State-of-the-art crawler technology
• Client Script Analyzer (CSA)
• Good crawler reduces false positives
• Web 2.0, JavaScript, JQuery and Ajax supported with CSA engine
Industry Leading Crawler
• Detection of custom 404
• Able to traverse login areas using the log on recorder
• Can handle CAPTCHA forms
• Supports single sign-on and security token mechanisms
• Understands scope of page and can act accordingly
• AcuSensor technology can find unlinked files too and can deal with URL rewriting rules
Acunetix AcuSensor Technology
• Combines black box scanning & source code analysis
• Analyzes code whilst it is executed!
Acunetix AcuSensor Technology
• Detection of more vulnerabilities
• Fewer false positives
• Finds configuration issues in the web server or runtime environment
AcuSensor Reports Advanced Debug Information
Reports the SQL query vulnerable to SQL Injection, the POST variable, and the stack trace
AcuSensor Reports Advanced Debug Information
Indicates where in your code the vulnerability is
Lower False Positives
• Includes advanced techniques to verify vulnerabilities
• Analyzes response and fine tunes attack
• AcuSensor does not rely on application feedback only
• Analyzes what app does during execution
Saves security officers and developers time!
Results in significantly lower false positives
Advanced SQL Injection
• Best in class SQL Injection Detection
• Comparative review confirmed that Acunetix detected many more SQL Injection vulnerabilities than other scanners
• Can do Blind SQL Injection checking
• AcuSensor checks all SQL statements, including SQL INSERT
Advanced Cross-Site Scripting
• Detects more Cross-Site Scripting (XSS) vulnerabilities
• Analyzes if characters are encoded or filtered
• Adapts analysis based on application response
• Uses heuristic approach that focuses on hacking methods
• Does not launch fire-and-forget checks, as other scanners do
User Friendly Interface
All tools integrated in a single, easy to use GUI
Easy Configuration, Little Tuning
• Custom 404 detection
• Automatic detection of technologies used (PHP, ASP etc.)
• Point-and-click configuration of authenticated areas
• Easily configure how to traverse CAPTCHAs
• Manually scan a page and submit it to the scanner for analysis
Advanced Penetration Testing Tools
• Includes advanced penetration testing tools:
– HTTP Editor
– HTTP Sniffer
– HTTP Fuzzer
– Authentication Tester
– Blind SQL Injector
Powerful Reporting
• For developers, managers or compliance
• Legal and compliance reports
– PCI
– HIPAA
– Sarbanes Oxley
• Security standards
– OWASP Top 10
– CWE / SANS Top 25
– DISA
– NIST
– Web Application Security Consortium
Detailed Vulnerability Fixing Suggestions
• Includes detailed vulnerability fixing suggestions:
– Detailed description
– Links to articles
Competitive Pricing
• Competitively priced
• Starting from only €995
• Available in 5 editions:
– Small Business Edition: 1 nominated Website
– Enterprise Edition: Unlimited Websites
– Enterprise Edition x10 Instances: Unlimited Websites
– Consultant Edition: Unlimited Websites
– Consultant Edition x10 Instances: Unlimited Websites
http://www.acunetix.com/ordering/pricing.htm
Thank You
Acunetix Blog
http://www.acunetix.com/blog
Acunetix Facebook Page
http://www.facebook.com/Acunetix
List of Checks Run by Acunetix WVS
http://www.acunetix.com/support/vulnerability-checks.htm
www.Acunetix.com