Acunetix Combats Web Attacks with Acunetix Web Vulnerability Scanner 2

Malta, 22nd July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner, a tool to automatically audit Web site security. Acunetix WVS 2 crawls an entire site, launches popular Web attacks (SQL Injection, Cross Site scripting etc.), and identifies vulnerabilities that need to be fixed.

Hackers are concentrating their efforts on Web-based applications -- 75% of cyber attacks are done at the Web application level, a Gartner Group study has revealed. Web applications are accessible 24 hours a day, 7 days a week and control valuable data such as customer information, transaction information, and even proprietary corporate data.

Well-known sites that were open to Web application attacks include fashion label Guess and pet supply retailer PetCo.com who were notoriously found to be vulnerable to the SQL injection vulnerability (June 2003). This resulted in PetCo leaving as many as 500,000 credit card numbers open to anyone able to construct this specially-crafted URL.

Any defense at the network security level will provide no protection against Web application attacks since they are launched on port 80, which has to remain open. In addition, Web applications (customer areas, shopping carts etc.) are often tailor-made, invariably tested less than off-the-shelf software and are therefore more susceptible to attack.

"Companies have implemented network-level security. However, they fail to audit and secure their Web applications. These applications have access to sensitive data and are a hacker's prime target," said Nick Galea, CEO of Acunetix. "Auditing one's Web apps should be the number one security concern."

Manually auditing a Web application for vulnerabilities to SQL injection, cross-site scripting, and other Web attacks is virtually impossible. With Acunetix Web Vulnerability Scanner, the process of auditing Web applications such as shopping carts and forms, can be easily automated. What's more, the security checks can easily be re-launched for each application update.

How Acunetix Web Vulnerability Scanner Works

Acunetix WVS first crawls the whole Web site, analyzes in-depth each file it finds, and displays the entire Web site structure. After this discovery stage, it performs an automatic audit for common security vulnerabilities.

SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitors' browser. Acunetix Web Vulnerability Scanner can check if your Web application is vulnerable to both of these attacks. More information about cross site scripting and SQL injection at our Web site security info page: http://www.acunetix.com/Websitesecurity/Web-site-security.htm.

Acunetix Web Vulnerability Scanner also checks for the following Web attacks:

  • CRLF injection attacks

  • Code execution attacks

  • Directory traversal attacks

  • File inclusion attacks

  • Input validation attacks

  • Authentication attacks.

Advanced penetration testing tools

Acunetix WVS also includes tools such as an HTTP editor and HTTP sniffer to allow customization of Web vulnerability checks. Using the Vulnerability editor, new attacks can easily be created.

Pricing and Availability

Acunetix WVS is available as an enterprise or as a consultant version. A subscription based license can be purchased for as little as $395, whereas a perpetual license starts at $2995. For more information visit: http://www.acunetix.com/wvs/wvspricing.htm.

About Acunetix

Acunetix was founded to combat the alarming rise in Web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. For more information about Acunetix visit http://www.acunetix.com.

All product and company names herein may be trademarks of their respective owners.