
#Acunetix #product #presentation

All-in-One Website Security Scanner
Find and detect vulnerabilities at the earliest stage using the Acunetix automated web vulnerability scanner.
Find vulnerabilities in your websites and web APIs
Highest detection rating of over 4500 vulnerabilities in custom, commercial, and open source apps with nearly 0% false positives.
AcuSensor (IAST) allows you to find and test hidden inputs not discovered during black-box scanning (DAST)
Advanced Crawling & Authentication support gives you the ability to crawl JavaScript websites and SPAs

Published in: Software

  1. www.acunetix.com Acunetix v12 Is Your Website Hackable?
  2. – Founded in 2004 – Pioneer in web application security – Fully automated Black-box, Gray-box, Client-side and Out-of-band web application scanner with one consolidated view – Depended on by SMEs and Enterprises the world over – Fortune 100, 500 and 1000 customers
  3. Product and Service Offering: Acunetix On Premise (Standard and Enterprise) and Acunetix Online (Enterprise) – Black-box, Gray-box, Out-of-band testing – Highly accurate, wide test coverage (4500+ web application vulnerabilities) – Vulnerability Management – Issue Tracker integration and WAF Virtual Patching – No dependencies, easy to set up – Web-based console – Extensible, highly scalable
  4. How it works and what’s new in v12
  5. – Crawler analyzes entire Target starting from a URL, mapping out entire structure. – Scanner then tests pages found for vulnerabilities. – Reports on vulnerabilities found and provides remediation. New in v12: – Support for latest JavaScript – Scan speed up to 2X faster – AcuSensor technology for Java – Pause / Resume functionality – Exclusion of locations from crawl – Password Policy feature
  6. Support for latest JavaScript (New in v12) – Supports ES6 and ES7. – Updated Acunetix DeepScan and the Acunetix Login Sequence Recorder. – Better analysis of SPAs. – Ahead of industry curve.
  7. Scan speed up to 2X faster (New in v12) – Fastest scanner in the industry. – 50% decrease in scan time. – Combined with multi-engine – 1000s of sites scanned in shortest time.
  8. AcuSensor Technology for Java (New in v12) – AcuSensor Technology for .NET, PHP and now Java! – Improves website coverage. – Better detection of vulnerabilities. – Fewer False Positives. – Provides additional information on vulnerabilities found.
  9. Pause and Resume (New in v12) – Ability to Pause a Scan. – Resume Scan at a later stage. – Acunetix proceeds with scan from where it left off. – Information about paused scan automatically retained in Acunetix.
  10. Exclude Paths (New in v12) – Exclusion of specific paths directly from the UI. – Eliminates need for complex regular expressions.
  11. Inbuilt Vulnerability Management features – Easily re-scan all Targets (stored in Acunetix with individual settings). – Prioritize vulnerabilities by Target’s business criticality. – Consolidated reports are stored in the central interface. – Select “Target reports”, “Scan reports” or “All Vulnerabilities” report.
  12. – Mark vulnerabilities as Fixed – Vulnerability Rediscovery lets you know that “fixed” vulnerabilities have been rediscovered – Continuous Scanning automatically runs a Quick Scan every day on a Target, and a Full Scan once a week
  13. Out-of-the-box WAF Virtual Patching: Acunetix can export accurate scan results to automatically configure the following Web Application Firewalls (WAFs): – Imperva SecureSphere – F5 BIG-IP Application Security Manager – FortiWeb WAF
  14. Out-of-the-box Issue-Tracker Integration: Acunetix can send vulnerabilities as issues to the following Issue Trackers: – Atlassian JIRA Software – GitHub – Microsoft Team Foundation
  15. Reporting – Web-based interface allows multiple user access from browser irrespective of OS used. – Easily generate a wide variety of management and compliance reports. – OWASP Top 10, PCI DSS, ISO27001, HIPAA – Results can be exported to XML
  16. Role-based multi-user system – Create multiple user accounts. – Assign users to particular groups of targets. – User can create, scan, and report on the targets assigned, depending on privileges.
  17. Role-based multi-user: Tester, auditor, developer and manager users can work together on consolidated result data in one vulnerability management system.
  18. Password Policy (New in v12) – 2-Factor-Authentication (2FA) support. – Password Policies for user accounts.
  19. Acunetix Flagship Technologies
  20. Acunetix DeepScan
  21. Acunetix DeepScan – WebKit, the world’s most widely used browser engine – Crawl and scan HTML5 web applications – Execute JavaScript like a real browser – Complex client-side web applications (AngularJS, ReactJS, EmberJS…) – DOM-based Cross-site Scripting – Malicious URLs – Popular CMSs (WordPress, Drupal, Joomla!) – CRUD requests, JSON, XML, GWT, AJAX – WSDL/SOAP, WCF/SOAP and WADL/REST
  22. Over 65% of Customers Scan Single-Page Apps – 47% found DOM-based XSS vulnerabilities using DeepScan
  23. Acunetix AcuMonitor
  24. Acunetix AcuMonitor – Automatic Out-of-band vulnerability detection – Blind Cross-site Scripting (BXSS / Delayed XSS) – XML External Entity Injection (XXE) – Server Side Request Forgery (SSRF) – Out-of-Band SQL Injection (OOB SQLi) – Out-of-Band Remote Code Execution (OOB RCE) – Host Header Injection – Email Header Injection – Password Reset Poisoning
  25. Acunetix AcuMonitor – Hunting for XXE in Uber using Acunetix AcuMonitor Blind Cross-site Scripting (BXSS / Delayed XSS) to automatically – Crawled the REST API endpoint – Figured out POST vs GET – Submitted XML even though App returns JSON – Tests Blind OOB XXE using AcuMonitor – No separate HTTP server – No manual sifting of logs – 26 different Uber domains affected (found using Google Hacking) https://www.acunetix.com/blog/articles/hunting-xxe-uber-using-acunetix-acumonitor/
  26. Acunetix AcuSensor
  27. Acunetix AcuSensor – Enables the scanner to run a gray-box scan – AcuSensor component inspects the source code of a web application whilst it is in execution – Shows vulnerable source code line number – Shows vulnerable source code stack trace – Shows vulnerable SQL queries – 100% backend crawl coverage – 100% verification of 12+ high-severity vulnerabilities – Analyze server configuration for vulnerabilities mysqli_query($conn, $sql)
  28. Acunetix AcuSensor (100% Verified) – Arbitrary File Creation – Arbitrary File Deletion – Code Execution – CRLF Injection – Directory Traversal – Email Injection – File Inclusion – File Tampering – File Upload – PHP Code Injection – PHP SuperGlobals Overwrite – PHP User Controlled Vulnerabilities – Reflected and Stored XSS – SQL Injection
  29. AcuSensor is used by over 30% of Customers – Included as standard in Acunetix
  30. Acunetix Partner Program – Performance-based resale margin – Access to free NFR & POCs – Telephone & Email support – Training videos, Documentation, Webinars, Blog – Listing on the Acunetix partner page – Access to leads – Strong recurrent revenue opportunity
  31. Acunetix Academy: Partners and Licensed Users can get Acunetix certified – Win customer confidence – Earn more from service revenue – Get listed on the Acunetix website
  32. Thank You. Is Your Website Hackable? Questions? sales@acunetix.com support@acunetix.com
