What you need to know about Acunetix


Enterprise security is not something that should be taken lightly. We already know by now how valuable cybersecurity has become in today’s society. To help with it, there are many tools available in the commercial market. Acunetix is one of them. But what is Acunetix? What does it do for you? Here’s what you need to know.

What is Acunetix?

Acunetix was founded by Nick Galea in 2005. It came at a time when the majority of enterprises focused on network protection rather than securing web applications. With the goal of combating web vulnerabilities, Acunetix aimed to offer an automated tool to scan web applications to identify and resolve security issues. Simply put, Acunetix is an all-in-one website security scanner.

The vulnerability scanner was originally built for Windows. In 2014, Acunetix offered an online version and then Linux in 2018. Over the years the company has grown its services. Currently, Acunetix serves over 6,000 companies worldwide.

What can Acunetix do?

Acunetix includes quite a few features for enterprises.

Vulnerability scanner

Cloud computing and browser technology have seen significant growth in recent times. In the business environment, these are often vital components. That importance paints a huge target on the sector, and hackers continue to focus on this area.

Yes, firewalls and SSL certificates can help beef up web application security. But these measures are only basic. Whether a site uses HTTP or HTTPS, web attacks are still carried out by hackers. As Acunetix puts it, their vulnerability scanner has the capability of detecting over 4500 web application vulnerabilities. It can also scan open-source software and custom-built applications.

The Acunetix vulnerability scanner comes equipped with DeepScan. This enables crawling AJAX-heavy client-side single-page applications. The AcuSensor combines black box scanning methodologies with feedback from its sensors placed inside source code. The company also claims, “Industry’s most advanced SQL Injection and Cross-site Scripting (XSS) testing including advanced detection of DOM-based XSS”. Furthermore, its Login Sequence Recorder facilitates the automatic scanning of complex password-protected areas.

It doesn’t stop there. The vulnerability scanner also includes a vulnerability management tool. This provides many technical and compliance reports.

Penetration testing software

We previously talked about penetration testing. Acunetix’s offering is an automated penetration testing tool. While it’s true that manual testing would provide organizations with a thorough security assessment, it is often time-consuming and expensive. Hence, the use of automated penetration testing tools, like Acunetix’s web vulnerability scanner, is much more efficient.

Acunetix allows security personnel to test for SQL injection, Cross-Site Scripting, and other vulnerabilities. It also allows for scheduled automated scans. Additionally, it offers full support for modern Single Page Applications.

Here, the penetration testing tools are able to understand and test applications dependent on JavaScript frameworks such as Angular and React. What this means is that the penetration testing tools can scan everything from legacy web applications built on traditional stacks to modern web apps.

The reporting element is also a valuable add-on for enterprises. The software can generate a wide range of reports such as PCI DSS, HIPAA, OWASP Top 10, etc. Additionally, if users discover any vulnerabilities, they can export these to issue trackers like Atlassian JIRA, GitHub, and Microsoft Team Foundation Server.

Web application security

When it comes to web application security, one of the first things to do is to scan for known vulnerabilities. Acunetix enables quick and easy identification of known vulnerabilities. This includes sites built with HTML5 and JavaScript Single Page Applications, which can sometimes be hard to scan.

When it comes to testing approaches, Acunetix is not limited to black-box testing techniques. Among the many elements of Acunetix is the AcuSensor grey-box scanning technology. This lets users automatically assess executed Java, ASP.NET and PHP server-side code.

Network security scanner

When it comes to network security, insecure network perimeters remain the cause of many data breaches. This tool helps users discover open ports and running services, and test for more than 50,000 known network vulnerabilities and misconfigurations. Acunetix also allows users to analyze the security of routers, switches, load balancers, and the like. Additionally, the network security scanner element comes equipped with a few more capabilities, such as testing for:

  • Weak passwords: FTP, IMAP, database servers, POP3, Socks, SSH, and Telnet
  • Badly configured proxy servers
  • Anonymous FTP access and writable directories over FTP
  • Weak TLS/SSL ciphers

WordPress vulnerability scanner

WordPress is one of the most popular content management systems today. It’s said that there are roughly 75,000,000 WordPress sites operational as of this moment. The system’s many mechanisms, such as plugins, themes, and user-friendly content management, make WordPress a top choice for most people. Unfortunately, this also makes WordPress a promising target for hackers. Enter the Acunetix WordPress vulnerability scanner. According to the company, this has the capability to:

  • Detect outdated WordPress versions, including WordPress core and plugins without critical security patches
  • Identify malware that is sometimes under the guise of WordPress themes and third-party plugins
  • Detect WordPress usernames that can be used to compromise accounts
  • Discover publicly disclosed wp-config.php files
  • Identify whether a site is vulnerable to XML-RPC brute-force attacks

So should you consider Acunetix?

According to the company itself, there are 3 things that make its offerings stand out from the rest:

  1. It is a fully automated tool that frees up your security team resources. It reports very few false positives, so your team does not waste time trying to find non-existent issues.
  2. It can detect vulnerabilities that other technologies would miss because it combines the best of dynamic and static scanning technologies and uses a separate monitoring agent.
  3. It provides vulnerability management and compliance reporting functionality. You can classify, rank, and retest issues. You can also integrate with issue trackers and continuous integration solutions.

In terms of recognition, Gartner reflects a 4.3 rating score for Acunetix. Its list of accolades includes being voted Windowsecurity.com Readers’ Choice Award winner and winning Best Vulnerability Management solution at the Cyber Defence Magazine InfoSec Awards 2017.

Acunetix has partnered up with a select number of distributors and resellers from around the world to facilitate its availability, including us at C-YBER. As we are certified Acunetix partners, you can make an order for Acunetix’s solutions through us as well. So, if you’re an enterprise on the lookout for an all-in-one website security scanner, Acunetix is one choice that should be on every list.