
Is Your Website Hackable?

Acunetix Web Vulnerability Scanner. Is Your Website Hackable? Check with Acunetix Web Vulnerability Scanner. Company Overview. Founded 2004 Pioneer in Web Application Security Unique Technology - AcuSensor OWASP Member Award Winning Software Fortune 500 Customers

shani


Presentation Transcript


  1. Acunetix Web Vulnerability Scanner Is Your Website Hackable? Check with Acunetix Web Vulnerability Scanner.

  2. Company Overview • Founded 2004 • Pioneer in Web Application Security • Unique Technology - AcuSensor • OWASP Member • Award Winning Software • Fortune 500 Customers • License Holder of IBM Patent • Patent # 6,584,569

  3. Government Customers US Department of Energy National Weather Service NASA FAA US Coast Guard WHO South Yorkshire Police National Health Service UK Saudi Food & Drug Authority Queensland Government US Geological Survey

  4. Military Customers US Air Force The Pentagon US Army Taiwan Ministry of National Defense Norwegian Armed Forces Korean People’s Army Air Force

  5. IT & Telecom Customers Panasonic British Telecom Samsung Nokia Siemens T-Mobile Telstra France Telecom Fujitsu Turk Telecom Skype Telefonica

  6. Financial Customers PricewaterhouseCoopers HSBC Credit Suisse Bank of China ING Deloitte Barclays Bank Deutsche Bank American Express

  7. Educational Customers Columbia University Medical Center Penn State University American Naval War College The Hong Kong Polytechnic University The University of Adelaide Potsdam University University of Reading The Ohio State University Victoria University

  8. Other Clients Adidas CERN Danone Qatar Airways Air New Zealand AXA Canon Betfair Travelex Nikon Carrefour Hilton Sony Avis Lonely Planet

  9. Why Web Application Security? • Hackers concentrating on web applications • Shopping carts and login pages at risk • Web apps are publicly available 24/7 • Web apps are often custom made and therefore less tested • Firewalls/network level defense provide no protection! • You must audit your web applications!

  10. Why Hackers Hack • Gain access to sensitive data (credit card data) • Run phishing sites • Run botnets • Distribute illegal content • Improve ranking

  11. The Cost of Being Hacked • Loss of customer confidence and thus revenue • Loss of ability to accept VISA, MC, AMEX and PayPal • Significant website downtime • Cost of rebuilding website and server • Loss of customer data can result in court cases

  12. Famous Website Hacks • 11th April 2011 - Barracuda Networks • SQL injection vulnerability despite web app firewall • 27th March 2011 – MySQL.com • SQL injection attack • 4th July 2010 – YouTube hacked • Cross-Site Scripting (XSS) Vulnerability • 6th February 2010 – Kaspersky • SQL Injection Vulnerability • www.acunetix.com/blog

  13. Why Choose Acunetix Web Vulnerability Scanner? Key Features and Unique Selling Points

  14. Industry Leading Crawler • State-of-the-art crawler technology • Client Script Analyzer (CSA) • Good crawler reduces false positives • Web 2.0, JavaScript, jQuery and Ajax supported with CSA engine

  15. Industry Leading Crawler • Detection of custom 404 • Able to traverse log in areas using the log on recorder • Can handle CAPTCHA forms • Supports single sign on and security token mechanisms • Understands scope of page and can act accordingly • AcuSensor technology can find unlinked files too and can deal with URL rewriting rules

  16. Acunetix AcuSensor Technology • Combines black box scanning & source code analysis • Analyzes code whilst it is executed!

  17. Acunetix AcuSensor Technology • Detection of more vulnerabilities • Fewer false positives • Find configuration issues in the web server or run time environment

  18. AcuSensor Reports Advanced Debug Information Reports the SQL query vulnerable to SQL Injection, the POST variable, stack trace

  19. AcuSensor Reports Advanced Debug Information Indicates where in your code the vulnerability is

  20. Lower False Positives • Includes advanced techniques to verify vulnerabilities • Analyzes response and fine tunes attack • AcuSensor does not rely on application feedback only • Analyzes what app does during execution • Saves security officers and developers time! • Results in significantly lower false positives

  21. Advanced SQL Injection • Best in class SQL Injection Detection • Comparative review confirmed that Acunetix detected many more SQL Injection vulnerabilities than other scanners • Can do Blind SQL Injection checking • AcuSensor checks all SQL statements, including SQL INSERT

  22. Advanced Cross-Site Scripting • Detects more Cross Site Scripting (XSS) vulnerabilities • Analyzes if characters are encoded or filtered • Adapts analysis based on application response • Uses heuristic approach that focuses on hacking methods • Does not launch fire and forget checks which other scanners do

  23. User Friendly Interface All tools integrated in a single, easy to use GUI

  24. Easy Configuration, Little Tuning • Custom 404 detection • Automatic detection of technologies used (PHP, ASP etc.) • Point and click configuration of authenticated areas • Easily configure how to traverse CAPTCHAs • Manually scan a page and submit to scanner for analysis

  25. Advanced Penetration Testing Tools • Includes advanced penetration testing tools: • HTTP Editor • HTTP Sniffer • HTTP Fuzzer • Authentication Tester • Blind SQL Injector

  26. Powerful Reporting • For developers, managers or Compliance • Legal and Compliance reports • PCI • HIPAA • Sarbanes Oxley • Security Standards • OWASP Top 10 • CWE / SANS Top 25 • DISA • NIST • Web Application Security Consortium

  27. Detailed Vulnerability Fixing Suggestions • Includes detailed vulnerability fixing suggestions: • Detailed description • Links to articles

  28. Competitive Pricing • Competitively priced • Starting from only €995 • Available in 5 editions: • Small Business Edition: 1 nominated Website • Enterprise Edition: Unlimited Websites • Enterprise Edition x10 Instances: Unlimited Websites • Consultant Edition: Unlimited Websites • Consultant Edition x10 Instances: Unlimited Websites • http://www.acunetix.com/ordering/pricing.htm

  29. Thank You Acunetix Blog http://www.acunetix.com/blog Acunetix Facebook Page http://www.facebook.com/Acunetix List of Checks Run by Acunetix WVS http://www.acunetix.com/support/vulnerability-checks.htm www.Acunetix.com
