Acunetix is an end-to-end Web Application Security Scanner that audits web applications by checking for SQL Injections, Cross site scripting, Out-of-band vulnerabilities, exposed databases, and so on. Acunetix can detect 7000+ vulnerabilities with blended DAST and IAST (Interactive Application Security Testing) scanning. The three main principles of Acunetix is Find, Fix and Prevent.
Acunetix scans all web applications along with network assets all in a single interface and provides report in central reporting where trends, history and other information is given.
Acunetix is available both online and on-premises. In Acunetix we can set scan type as Full Scan, High Risk Vulnerability Scan, Cross Site Scripting vulnerabilities, SQL injection Vulnerabilities, Weak Passwords and crawl only. Also, Acunetix has wide range of support for CWE 2011, HIPAA, ISO 27001, OWASP Top 2013, PCI DSS 3.2, Sarbanes Oxley, DISA STIG, WASC threat classification and so on.
Acunetix scans are faster and while the scan is going, we can see the list of vulnerabilities as soon as they are found. Also, Acunetix has the capability of automatically prioritizing the high-risk vulnerabilities. Once the issue is fixed, we can perform retesting of that issue instead of rescanning the entire application and waiting for the scan to complete.
Acunetix scans can be scheduled once, or it can be a recurring scan. We can scan multiple environments at the same time by importing through csv file or we can pass the targets manually.
If in our websites any authentications that need to perform Acunetix can be helpful as Acunetix has a special feature of recording a specific scenario and the same can be replayed. Also, we can exclude some actions which are not required during the scan.
Acunetix has different modules inside it, and they are
Acunetix AcuMonitor:
AcuMonitor is an intermediary service that allows the scanner to detect out of bound vulnerabilities like Blind Cross-site scripting (BXSS / Delayed XSS), XML external entity injection (XXE), Server side request forgery(SSRF), Out of band SQL injection(OOB SQLi), Out of band remote code execution(OOB RCE), Host Header Injection, Email Header Injection and Password reset poisoning
Acunetix AcuSensor:
AcuSensor is a server-side component that enables the scanner to run a gray box scan. AcuSensor inspects the source code of a web application whilst it is in a execution Shows Vulnerable source code line number, Shows Vulnerable source code stack trace, Shows Vulnerable SQL Queries, 100% backend crawl coverage, 100% verification of 12+ high severity vulnerabilities and so on Analyze server configuration for vulnerabilities
Acunetix can integrated well in SDLC lifecycle, CI CD system for performing incremental scan for finding the vulnerabilities. Acunetix has plugins for git, JIRA, GitLab, Jenkins, and so on. Acunetix reports can be generated in HTML and PDF formats.
