網站的安全性防護 Acunetix Web Vulnerability Scanner Consultant Edition 8.0
網站的安全性防護 Acunetix Web Vulnerability Scanner Consultant Edition 8.0
網站的安全性可能是今天最容易被忽視的方面,確保企業在任何組織中,應優先考慮。
黑客們把精力都放在基於Web的應用程式 – 購物車,表單,登入頁面,動態內容等Web應用程式都可以訪問,每天24小時,每週7天,並控制有價值的資料,因為他們往往直接訪問後端資料如客戶資料庫。
對黑客在任何防禦網路的安全層級將不提供對Web應用程式的攻擊,因為它們是在連接埠80上推出的保護 – 保持開放的Web應用程式防火牆,SSL和鎖定的伺服器都是徒勞的。
此外,Web應用程式往往是量身定制的,因此不到的,現成的軟體測試和更容易有被發現的漏洞。
Acunetix WVS自動檢查您的Web應用程式的SQL注入,XSS和其他網站的漏洞。
審核您的網站的安全性,與Acunetix網頁漏洞掃瞄器
如果Web應用程式是不安全的,那麼你的整個資料庫中的敏感訊息,是嚴重的風險。為什麼呢?
‧網站和關聯Web應用程式必須提供24 x 7全天候提供所需的服務,為客戶,員工,提供者和其他利益關聯者
‧防火牆和SSL提供Web應用程式的保護,防止黑客,僅僅是因為訪問該網站向公眾公佈
‧Web應用程式通常可以直接訪問到後端資料,如客戶資料庫,因此,控制有價值的資料,更難以保證
‧自訂應用程式更容易受到攻擊,因為它們涉及到一個較低程度的測試,而不是關閉的,現成的軟體
‧黑客更喜歡訪問的敏感資料,因為支付銷售資料的巨大。
在深入檢查SQL注入,跨站腳本(XSS)和其他漏洞
Acunetix所有的網路漏洞,內含SQL注入,跨站台腳本和其他檢查。 SQL注入是一種黑客技術修改SQL指令,以獲得訪問資料庫中的資料。跨站台腳本攻擊使黑客能夠在訪問者的瀏覽器中執行惡意腳本。
這些漏洞的檢驗需要先進的檢驗引擎。派拉蒙的Web漏洞掃瞄是掃瞄器可以檢驗到的攻擊數,但與掃瞄器啟動SQL注入,跨站腳本和其他攻擊的複雜性和徹底性。 Acunetix一個國家的藝術漏洞檢驗引擎,可以快速發現漏洞具有低誤報數量。它也位於CRLF注入,代碼執行,目錄遍歷,檔案包括和認證漏洞。
掃瞄AJAX和Web 2.0技術的漏洞
藝術的JavaScript分析器的狀態,讓您全面掃瞄最新的和最複雜的AJAX / Web 2.0網路應用程式,並找到漏洞。
詳細的報告使您能夠滿足法律及監管合規
Acunetix網路漏洞掃瞄器內含一個廣泛的報告模組,可以生成報告,顯示您的Web應用程式是否符合新的VISA PCI資料的合規性要求。
分析您的網站對谷歌黑客資料庫
谷歌黑客的資料庫(GHDB)是一個資料庫被黑客利用來識別敏感資料在您的網站,如門戶網站的登入頁面,日誌與網路安全訊息等的查詢。 Acunetix推出的Google黑客資料庫查詢到你的網站抓取內容,並識別敏感資料,或可利用的目的之前,「搜尋引擎黑客」。
進階滲透測試工具
除了自動掃瞄引擎,Acunetix內含先進的工具,使滲透測試人員進行微調的Web應用程式安全檢查:
‧HTTP編輯器 – 有了這個工具,你可以很容易地構造HTTP / HTTPS請求,並分析Web伺服器的響應。
‧HTTP嗅探器 – 攔截,記錄和修改所有HTTP / HTTPS流量,並揭示所有的Web應用程式傳送的資料
‧HTTP的Fuzzer – 緩衝區溢出和輸入驗證執行複雜的測試。測試成千上萬的輸入變量易於使用的規則生成器的HTTP的fuzzer。天的時間來執行手動測試,將採取現在可以在幾分鐘內完成。
‧建立自訂攻擊或修改現有的網路漏洞編輯器
測試密碼保護的區功能變數和網頁表單自動生成HTML格式的表格填寫
Acunetix網路漏洞掃瞄器能夠自動填寫網頁表單和驗證的Web登入。大多數的Web漏洞掃瞄器是無法做到這一點,或需要複雜的腳本來測試這些頁面。不,與Acunetix:使用巨集錄製工具,你可以記錄登入或的形式填充過程和存儲序列。在掃瞄過程中,掃瞄器,然後重播序列,並在Web表單自動填寫登入密碼保護的區功能變數。
Website security is possibly today’s most overlooked aspect of securing the enterprise and should be a priority in any organization. Hackers are concentrating their efforts on web-based applications – shopping carts, forms, login pages, dynamic content, etc. Web applications are accessible 24 hours a day, 7 days a week and control valuable data since they often have direct access to backend data such as customer databases. Firewalls, SSL and locked-down servers are futile against web application hacking Any defense at network security level will provide no protection against web application attacks since they are launched on port 80 – which has to remain open. In addition, web applications are often tailor-made therefore tested less than off-the-shelf software and are more likely to have undiscovered vulnerabilities. Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.
Audit your web site security with Acunetix Web Vulnerability Scanner
If web applications are not secure, then your entire database of sensitive information is at serious risk. Why?
• Websites and related web applications must be available 24 x 7 to provide the required service to customers, employees, suppliers and other stakeholders
• Firewalls and SSL provide no protection against web application hacking, simply because access to the website has to be made public
• Web applications often have direct access to backend data such as customer databases and, hence, control valuable data and are much more difficult to secure
• Custom applications are more susceptible to attack because they involve a lesser degree of testing than off-the-shelf software
• Hackers prefer gaining access to the sensitive data because of the immense pay-offs in selling the data.
In depth checking for SQL Injection, Cross Site Scripting (XSS) and Other Vulnerabilities
Acunetix checks for all web vulnerabilities including SQL injection, Cross site scripting and others. SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser.
Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with the scanner launches SQL injection, Cross Site scripting and other attacks. Acunetix has a state of the art vulnerability detection engine which quickly finds vulnerabilities with a low number of false positives. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion and Authentication vulnerabilities.
Scan AJAX and Web 2.0 technologies for vulnerabilities
The state of the art javascript analyzer allows you to comprehensively scan the latest and most complex AJAX / Web 2.0 web applications and find vulnerabilities.
Detailed reports enable you to meet Legal and Regulatory Compliance
Acunetix Web vulnerability scanner includes an extensive reporting module which can generate reports that show whether your web applications meet the new VISA PCI Data Compliance requirements.
Analyzes your site against the Google Hacking Database
The Google Hacking Database (GHDB) is a database of queries used by hackers to identify sensitive data on your website such as portal logon pages, logs with network security information, and so on. Acunetix launches the Google hacking database queries onto the crawled content of your web site and identifies sensitive data or exploitable targets before a “search engine hacker” does.
Advanced penetration testing tools included
In addition to its automated scanning engine, Acunetix includes advanced tools to allow penetration testers to fine tune web application security checks:
• HTTP Editor – With this tool you can easily construct HTTP/HTTPS requests and analyze the web server response.
• HTTP Sniffer – Intercept, log and modify all HTTP/HTTPS traffic and reveal all data sent by a web application
• HTTP Fuzzer – Performs sophisticated testing for buffer overflows and input validation. Test thousands of input variables with the easy to use rule builder of the HTTP fuzzer. Tests that would have taken days to perform manually can now be done in minutes.
• Create custom attacks or modify existing ones with the Web Vulnerability Editor
Test password protected areas and web forms with Automatic HTML form filler
Acunetix Web Vulnerability Scanner is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test these pages. Not so with Acunetix: Using the macro recording tool you can record a logon or form filling process and store the sequence. The scanner can then replay this sequence during the scan process and fill in web forms automatically or logon to password protected areas.
網站的安全性防護 Acunetix Web Vulnerability Scanner Consultant Edition 8.0 | Home Page – http://www.acunetix.com/
網站的安全性防護 Acunetix Web Vulnerability Scanner Consultant Edition 8.0 : 52.2 MB
