（網路安全工具）Acunetix Web Vulnerability Scanner Consultant Edition 9.0.2013.09.04 Retail

Acunetix網路漏洞掃瞄，審計你的網站的安全性

如果Web應用程式是不安全的，那麼你的整個資料庫的敏感訊息是嚴重的風險。為什麼呢？

‧網站和關聯的Web應用程式必須提供24 x 7的客戶，員工，提供者和其他利益關聯者提供所需的服務
‧防火牆和SSL提供無保護Web應用程式的黑客，僅僅是因為訪問的網站予以公開
‧ Web應用程式通常可以直接訪問到後端的資料，如客戶資料庫，並因此控制有價值的資料，更難以保證
‧自訂應用程式更容易受到攻擊，因為它們涉及的現成軟體的測試，而不是在較小的程度
‧黑客喜歡是因為巨大的支付銷售資料獲得敏感資料。

在深入檢查SQL注入，跨站腳本（XSS）和其他漏洞

Acunetix檢查，內含SQL注入，跨站腳本和其他所有的web漏洞。 SQL注入是一種黑客技術修改SQL指令，以獲得訪問資料庫中的資料。跨站台腳本攻擊，使黑客能夠在訪問者的瀏覽器執行惡意腳本。

這些漏洞的檢驗需要一個先進的檢驗引擎。派拉蒙網路漏洞掃瞄，掃瞄器可以檢驗攻擊的數量，但與掃瞄器的複雜性和徹底啟動SQL注入，跨站腳本和其他攻擊。 Acunetix有一個國家的藝術具有低誤報數量迅速發現漏洞的漏洞檢驗引擎。它還位於CRLF注入，代碼執行，目錄遍歷檔案內含和驗證漏洞。

掃瞄AJAX和Web 2.0技術的漏洞

最先進的JavaScript分析器的狀態，讓您全面掃瞄最新的和最複雜的AJAX / Web 2.0的Web應用程式，並找到漏洞。

詳細的報告，使您能夠滿足法律及監管合規

Acunetix網路漏洞掃瞄器內含一個廣泛的報告模組，可以生成報告，顯示您的Web應用程式是否符合新的VISA PCI資料合規性要求。

針對谷歌黑客攻擊事件資料庫分析您的網站

谷歌黑客的資料庫（ GHDB ）是一個資料庫被黑客用來識別敏感資料在您的網站，比如門戶網站的登入頁面，日誌與網路安全訊息等的查詢。 Acunetix推出谷歌黑客攻擊事件資料庫中查詢到你的網站抓取的內容，識別敏感資料或利用的目的之前， 「搜尋引擎黑客」 。

進階滲透測試工具

除了自動掃瞄引擎， Acunetix內含先進的的滲透測試工具，讓微調的Web應用程式的安全檢查：

‧ HTTP編輯器 – 有了這個工具，你可以輕鬆地構建HTTP / HTTPS請求，並分析Web伺服器的響應。
‧ HTTP嗅探器 – 截取，記錄並修改所有的HTTP / HTTPS流量，並揭示一個Web應用程式傳送的所有資料
‧ HTTP的Fuzzer – 緩衝區溢出和輸入驗證執行複雜的測試。成千上萬的輸入變量與易於使用的規則構建的HTTP的fuzzer測試。天將採取手動執行的測試，現在可以在幾分鐘內完成。
‧建立定制的攻擊或修改現有的網路漏洞編輯器

測試密碼保護區和網頁表單的HTML表單自動填充物

Website security is possibly today's most overlooked aspect of securing the enterprise and should be a priority in any organization. Hackers are concentrating their efforts on web-based applications – shopping carts, forms, login pages, dynamic content, etc. Web applications are accessible 24 hours a day, 7 days a week and control valuable data since they often have direct access to backend data such as customer databases. Firewalls, SSL and locked-down servers are futile against web application hacking Any defense at network security level will provide no protection against web application attacks since they are launched on port 80 – which has to remain open. In addition, web applications are often tailor-made therefore tested less than off-the-shelf software and are more likely to have undiscovered vulnerabilities. Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.

Audit your web site security with Acunetix Web Vulnerability Scanner

If web applications are not secure, then your entire database of sensitive information is at serious risk. Why?

• Websites and related web applications must be available 24 x 7 to provide the required service to customers, employees, suppliers and other stakeholders
• Firewalls and SSL provide no protection against web application hacking, simply because access to the website has to be made public
• Web applications often have direct access to backend data such as customer databases and, hence, control valuable data and are much more difficult to secure
• Custom applications are more susceptible to attack because they involve a lesser degree of testing than off-the-shelf software
• Hackers prefer gaining access to the sensitive data because of the immense pay-offs in selling the data.

In depth checking for SQL Injection, Cross Site Scripting (XSS) and Other Vulnerabilities

Acunetix checks for all web vulnerabilities including SQL injection, Cross site scripting and others. SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser.

Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with the scanner launches SQL injection, Cross Site scripting and other attacks. Acunetix has a state of the art vulnerability detection engine which quickly finds vulnerabilities with a low number of false positives. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion and Authentication vulnerabilities.

Scan AJAX and Web 2.0 technologies for vulnerabilities

The state of the art javascript analyzer allows you to comprehensively scan the latest and most complex AJAX / Web 2.0 web applications and find vulnerabilities.

Detailed reports enable you to meet Legal and Regulatory Compliance

Acunetix Web vulnerability scanner includes an extensive reporting module which can generate reports that show whether your web applications meet the new VISA PCI Data Compliance requirements.

Analyzes your site against the Google Hacking Database

The Google Hacking Database (GHDB) is a database of queries used by hackers to identify sensitive data on your website such as portal logon pages, logs with network security information, and so on. Acunetix launches the Google hacking database queries onto the crawled content of your web site and identifies sensitive data or exploitable targets before a “search engine hacker” does.

Advanced penetration testing tools included

In addition to its automated scanning engine, Acunetix includes advanced tools to allow penetration testers to fine tune web application security checks:

• HTTP Editor – With this tool you can easily construct HTTP/HTTPS requests and analyze the web server response.
• HTTP Sniffer – Intercept, log and modify all HTTP/HTTPS traffic and reveal all data sent by a web application
• HTTP Fuzzer – Performs sophisticated testing for buffer overflows and input validation. Test thousands of input variables with the easy to use rule builder of the HTTP fuzzer. Tests that would have taken days to perform manually can now be done in minutes.
• Create custom attacks or modify existing ones with the Web Vulnerability Editor

Test password protected areas and web forms with Automatic HTML form filler

Acunetix Web Vulnerability Scanner is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test these pages. Not so with Acunetix: Using the macro recording tool you can record a logon or form filling process and store the sequence. The scanner can then replay this sequence during the scan process and fill in web forms automatically or logon to password protected areas.

（網路安全工具）Acunetix Web Vulnerability Scanner Consultant Edition 9.0.2013.09.04 Retail | Home Page – http://www.acunetix.com