1

Acunetix

Find, fix, and prevent vulnerabilities

Acunetix is an application security testing solution for securing your websites, web applications, and APIs

Acunetix is an application security testing solution that helps you address vulnerabilities across all your critical web assets.

Find what other scanners don’t

Acunetix isn’t your typical web vulnerability scanner. Whatever your web presence, Acunetix has what it takes to manage the security of all your assets

  • Detect over 7,000 vulnerabilities including SQL injections, XSS, misconfigurations, weak passwords, exposed databases, and out-of-band vulnerabilities.
  • Scan all pages, web apps, and complex web applications, including single-page applications with lots of HTML5 and JavaScript.
  • Advanced macro recording technology lets you scan complex multi-level forms and even password-protected areas of your site.
We give better results in less time

Acunetix will assess the severity of the issue and provide you with immediately actionable insights if the vulnerabilities are real and not false positives.

  • Acunetix, which is intuitive and simple to use, eliminates lengthy setup and onboarding times. In just a few clicks, you can be up and running.
  • Acunetix validates which vulnerabilities are genuine, relieving your team of the burden of tracking down false positives.
  • Saves time with lightning-fast scans that find key vulnerabilities immediately and don’t hog your network or overload your servers.
Automation at your Fingertips

Acunetix’s power can be expanded even further with automation.

  • Schedule and prioritize full or incremental scans based on traffic volume and specific business requirements.
  • Manage issues with built-in vulnerability management functionality or integrate with your existing tracking system, such as Jira, GitHub, GitLab, Azure, DevOps, Bugzilla, or Mantis.
  • Scanning new builds automatically with modern CI tools like Jenkins, and importing pre-seed crawl data from Fiddler, Burp, Paros, Postman, and other tools.

 

frequently asked questions

  • Web application security vulnerabilities are very different from malware. They are programming bugs – introduced by the application creators themselves, not by malicious parties. Therefore, the only way to remove them is for the developer to fix the application. If the vulnerability is in a custom application, written by your developers specifically for your business, only you can fix it. If the vulnerability is in a third-party application, for example, a CMS plugin, you can wait for the creators of the third-party application to fix it or your developers may fix it themselves temporarily until a safe version comes out.

  • If all your web applications are third-party software, for example, WordPress or Magento, you will be able to patch them after Acunetix finds a vulnerability (if a patch is available). However, Acunetix can find even vulnerabilities that the creators of third-party software don’t know about. If you build your own web applications, those applications cannot be simply patched. Your developers will need to find a way to fix them. Acunetix will help your developers by providing links to resources that teach them how to fix typical vulnerabilities. You can also use Acunetix to double-check later if vulnerabilities have been fixed.

  • Relying on a web application firewall for web application security is like taking a pain killer pill while having a serious medical issue. The pill will take away the pain but the medical issue will still be there. You need to go to the doctor to find the source of the medical issue and address it. Acunetix is your first contact doctor for the web, not a painkiller like a WAF. Acunetix helps you find the source of the issue in the web application so your developers can address it. If you just use a WAF, your issue will be partially masked from attackers. It will be more difficult to attack your web application but not impossible. However, if you already have a WAF or planning to buy one, you can use it the right way together with Acunetix.

  • Open-source web application security solutions are much simpler and much more limited than professional products like Acunetix and its commercial competitors. If you have one web application, you can use an open-source product to secure it. But if you have more web applications and, most importantly, if you want your company to grow, you will soon find out that an open-source application will not meet your needs and will hinder your web security.

  • Source code scanners, commonly referred to as SAST tools, are used in slightly different circumstances than web vulnerability scanners like Acunetix, commonly referred to as DAST tools. SAST tools are meant to be used only in automated environments, not for ad-hoc security. They require full access to the entire source code, which is often not possible, for example, if you use third-party libraries. They don’t provide the whole picture of vulnerabilities, for example, they won’t find any web server misconfigurations. They also work for only some programming languages, so you may be unable to use them for all your web applications. There is just one advantage of source code scanners – they help with faster remediation because the developer receives the exact location of the security issue in the source code. However, if you need that kind of information, you can use the AcuSensor IAST module, which will also provide you with line numbers.

  • In a professional environment, we recommend that you don’t just fall back onto a single tool, even one as good as Acunetix. We recommend that you build your security by starting with Acunetix and then add more elements such as a web application firewall (WAF), a source code scanner (SAST), a software composition analysis (SCA) tool, a runtime application security protection (RASP) tool, as well as perform external penetration tests and red team vs. blue team exercises, create a bounty program, and more. However, you don’t need all of that at the beginning. If you start with Acunetix, most of your web application security needs will be covered. You need other solutions simply to come closer to perfection when it comes to web application security.

  • While bounty programs are an excellent element of web application security strategies, they are very inefficient if treated as the primary element. You have no control over a bounty program at all. They give no guarantees, they are not thorough, and they give a false sense of security. Independent white-hat hackers cannot cover all your web applications and all of their functions. They will focus on vulnerabilities that are easy to find and get paid for. You may even end up paying a lot of money to hackers who used Acunetix to find vulnerabilities for you.