Web applications: a chink in your armour?

By | December 14, 2006

Acunetix, a leading web security software company, today announced the release of Acunetix Web Vulnerability Scanner version 4. This latest version provides a more comprehensive solution for enterprises wanting to detect exploitable website and web application vulnerabilities such as SQL Injection and Cross Site Scripting.

“This release comes at a time when hackers are launching more aggressive attacks on web applications. Some hackers have successfully compromised the websites of large companies such as Microsoft and Paypal and even accessed very personal and highly sensitive data of thousands of victims through government websites.” says Nick Galea, CEO of Acunetix.“

Acunetix Web Vulnerability Scanner provides protection by automatically auditing the security of websites. The software crawls an entire website, launches several web attacks (SQL Injection, Cross Site Scripting, Google hacking, etc.) and identifies vulnerabilities that need to be fixed, while proposing recommendations.

Web Applications: a hacker’s backdoor entry to sensitive information

“Increasingly, businesses are becoming aware of the importance of securing websites to prevent hackers from gaining access to sensitive customer data, through poorly designed web applications. These web applications are prone to attack because they are accessible 24×7 and receive/deliver content directly from databases containing the data,” reports Galea. “Standard network security provides no protection against web application attacks since these are launched on port 80 which has to remain open to allow regular operation of the business,” he adds.

Chinks in the Armour

78% of financial services institutions (including banks, insurers and investment professionals) were attacked by hackers in the past year, according to Deloitte´s annual 2006 Global Security Survey. This is in stark contrast with only 26% reported in 2005.

In June this year, an unknown number of PayPal users were tricked into giving away social security numbers, credit card details and other highly sensitive personal information. Hackers deceived their victims by injecting and running malicious code on the genuine PayPal website by using the Cross Site Scripting technique.

Security researcher, Yash Kadakia, announced that Cross Site Scripting and CRLF (Carriage Return Line Feed) injection vulnerabilities found in MSN and Amazon sites could be used by hackers to gain access to Amazon.com and MSN accounts, or to display a fake login page for use in phishing attacks.

“The dramatic rise in web application hacks is denting online purchasing confidence and causing irreversible damage to businesses,” remarks Galea. “That is why we are offering free security audits to any business with an online presence.”

Acunetix WVS: New Features

The new Acunetix Web Vulnerability Scanner broadens the scope of vulnerability scanning by introducing advanced and highly rigorous heuristic technologies to tackle the complexities of today´s web-based environments.

Javascript / AJAX application security scanning

Version 4 now adds the ability to check AJAX applications for security vulnerabilities. AJAX applications offer tremendous possibilities for extending the use of web applications, however they also require more stringent security checks. Acunetix WVS 4 now includes the industry’s most advanced JavaScript analyzer to help companies keep their AJAX applications secure.

Other new features include: Command Line Support, URL Rewrites, Custom Cookies Support and Enhanced Search, Scheduling, Logging and Reporting

Acunetix provides free audit to help companies determine the security of their websites

Enterprises who would like to have their website security checked can register for a free audit by visiting www.acunetix.com/security-audit. Participating enterprises will receive a summary audit report showing whether their website is secure or not. Summary reports will be delivered within five business days of submission.

Pricing & Availability

Acunetix WVS is available as an enterprise or as a consultant version. A perpetual license to scan 1 website can be purchased for as little as $1,495, whereas a perpetual license to scan an unlimited amount of websites costs $4,995. For more information visit: http://www.acunetix.com/ordering/pricing.htm.

Leave a Reply