Acunetix Web Vulnerability Scanner Consultant Edition 9.5.20151902

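Acunetix Web Vulnerability Scanner is a website and server vulnerability scanning program, available in both paid and free versions. This is the Consultant Edition.

As many as 70% of websites have vulnerabilities that could lead to the theft of sensitive corporate data, such as credit card information and customer lists.

Hackers are concentrating their efforts on web-based applications: shopping carts, forms, login pages, dynamic content, and so on. Insecure web applications that are accessible around the clock from anywhere in the world provide easy access to backend corporate databases.

Firewalls, SSL and locked-down servers cannot defend against attacks on web applications!

Web application attacks arriving over ports 80/443 go straight through the firewall, past operating-system and network-level security, and strike at the heart of your application and corporate data. Custom-built web applications are often insufficiently tested and contain undetected vulnerabilities, so they are easy prey for hackers.

Features of Acunetix Web Vulnerability Scanner

AcuSensor technology

An automatic client-side script analyzer that allows security testing of Ajax and Web 2.0 applications.

The industry's most advanced and in-depth SQL injection and cross-site scripting testing

Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer

A visual macro recorder helps you easily test web forms and password-protected areas

Support for pages with CAPTCHA, single sign-on and two-factor authentication mechanisms

Extensive reporting facilities, including VISA PCI compliance reports

A high-speed, multi-threaded scanner crawls thousands upon thousands of pages with ease

An intelligent crawler detects the web server type and application language

Acunetix crawls and analyzes websites, including Flash content, SOAP and AJAX

Port-scans the web server and runs security checks against the network services running on it

Can export website vulnerability files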

Acunetix Web Vulnerability Scanner Consultant Edition 9.5.20151902 | 40 MB

Audit your website security with Acunetix Web Vulnerability Scanner. As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.

Firewalls, SSL and locked-down servers are futile against web application hacking!

Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.

Acunetix - a world-wide leader in web application security

Acunetix has pioneered web application security scanning technology: its engineers have focused on web security since as early as 1997 and have developed an engineering lead in web site analysis and vulnerability detection.

Acunetix Web Vulnerability Scanner includes many innovative features:

* An automatic JavaScript analyzer allowing for security testing of Ajax and Web 2.0 applications

* The industry's most advanced and in-depth SQL injection and cross-site scripting testing

* Visual macro recorder makes testing web forms and password protected areas easy

* Extensive reporting facilities including VISA PCI compliance reports

* Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease

* Intelligent crawler detects web server type and application language

* Acunetix crawls and analyzes websites including Flash content, SOAP and AJAX

Which Vulnerabilities does Acunetix WVS Check for?

Acunetix WVS automatically checks for the following vulnerabilities among others:

* Version Check
  o Vulnerable Web Servers
  o Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution”

* CGI Tester
  o Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
  o Verify Web Server Technologies

* Parameter Manipulation
  o Cross-Site Scripting (XSS) – over 40 different XSS variations are tested.
  o SQL Injection
  o Code Execution
  o Directory Traversal
  o File Inclusion
  o Script Source Code Disclosure
  o CRLF Injection
  o Cross Frame Scripting (XFS)
  o PHP Code Injection
  o XPath Injection
  o Full Path Disclosure
  o LDAP Injection
  o Cookie Manipulation
  o Arbitrary File creation (AcuSensor Technology)
  o Arbitrary File deletion (AcuSensor Technology)
  o Email Injection (AcuSensor Technology)
  o File Tampering (AcuSensor Technology)
  o URL redirection
  o Remote XSL inclusion

* MultiRequest Parameter Manipulation
  o Blind SQL/XPath Injection

+ DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)

+ FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)

+ Security and configuration checks for badly configured proxy servers

+ Checks for weak SNMP community strings and weak SSL ciphers

+ and many other network level vulnerability checks!

Other vulnerability tests may also be performed using the manual tools provided, including:

* Input Validation

* Authentication attacks

* Buffer overflows

* Blind SQL injection

* Sub domain scanning