Security researchers disagree about the percentage of vulnerable websites, but most concur that it’s way too high. Despite the long history of these techniques, attackers continue to use cross-site scripting (XSS), SQL injection and more to successfully compromise sites and web applications. In today’s era of cloud-based and on-premises web applications that connect directly into the organization, it’s more important than ever to take a step back and consider the risk of web and security vulnerabilities that can leave your organization open to hackers.
As web applications scale, manual security assessments can become time-consuming and challenging to process, while outsourcing these tasks won’t always provide the desired result. In many cases, a degree of automation is the way forward, and the decision becomes which web vulnerability scanner to choose.
Firewall.cx has written extensively about the pros of web vulnerability scanners, popular tools, and good common security practices. Despite this, we keep coming back to Acunetix, and it recently received a major upgrade. Version 12 of the enterprise-grade security tool is a significant leap forward that deserves an in-depth assessment.
Founded in 2005, Acunetix was designed to replicate the behaviour of hackers, yet catch vulnerabilities before they do. The leaps and bounds made since its release have led to its use in government, military, and banking, as well as partnerships with Microsoft and AWS.
Before we dive into our in-depth analysis, let’s take a look at the topics covered:
- Installation and Using Acunetix 12 Enterprise
- Scanning Web Applications and Websites with Acunetix 12 Enterprise
- AcuSensor – Achieving 100% High-Severity Vulnerability Accuracy
- Acunetix Reporting, Exporting, and Issue Tracking
A free trial version can be downloaded from: http://www.acunetix.com/vulnerability-scanner/download/
When it comes to sheer usability, it’s easy to see why. While most readers will have no problems with complex setups, it’s always nice to avoid the hassle. Acunetix’s installation is a matter of creating an admin account, entering the license key, and choosing a port.
All told, it took a matter of minutes to get up and running and didn’t require any additional configuration or restarts. For Enterprise customers, multi-engine deployment is also available, allowing for more simultaneous scans. As you’d expect, the setup is a little more complex, but still only requires a single line in the command prompt and some additional registration inside Acunetix. Once configured, users can set targets to only scan with a specific engine and can push past the normal limit of 25 simultaneous scans.
However, many organizations will still want to set up user accounts for different roles. The software has three different account types for Tech Admins, Testers, and Auditors: