Vulnerability Assessment & Management
Acunetix is a vulnerability assessment & management solution, designed to be a part of any enterprise environment by providing multiple integrations as well as options to integrate within custom contexts. Acunetix performs mock attacks in a safe way, shows you how a malicious hacker could potentially access your systems, and explains how you can prevent real attacks. This is the best way to protect yourself against common threats. Acunetix is renowned for its high performance (engine written in C++) and a very low rate of false positives. It is available for Microsoft Windows, Linux, and macOS operating systems as well as an online (cloud) solution.
Acunetix believes that to maintain the best level of security in an organization, vulnerability scanning should be treated as part of the development and operational processes. Acunetix can be considered as your initial penetration testing tool.
Vulnerability Assessment & Management
Acunetix automates vulnerability assessment and management processes. Security experts can avoid mundane tasks and focus on what’s most important. Additionally, thanks to its precision, Acunetix increases trust and guarantees that resources are not spent on verifying false positives.
Why Acunetix
There are several web vulnerability scanners on the market, but Acunetix has certain advantages that others lack. We focus on one thing and we do it best. Here are some of the reasons why you should consider giving Acunetix a try.
- Acunetix is the most mature web vulnerability scanner on the market, developed by a specialized team since 2005. The engine is built using C++, which means that it is much faster than many similar solutions. The scanner uses a web interface and the engine is available for Windows, Linux, and macOS.
- Acunetix uses two unique technologies that help you discover more vulnerabilities: AcuMonitor and AcuSensor. Additionally, AcuSensor helps you find the vulnerability in the source code.
- Acunetix is automated and very easy to use, even by non-security personnel, in contrast to most scanners, especially open-source ones, which are designed for specialized security personnel and meant to be used manually.
Automate and Integrate Your Vulnerability Management
To save resources, ease remediation, and avoid late patching, enterprises often aim to include web vulnerability tests as part of their SecDevOps processes. Acunetix is one of the best DAST tools for such a purpose due to its efficiency in both physical and virtual environments.
- Acunetix integrations are designed to be easy. For example, you can integrate Acunetix scans in your CI/CD pipeline with tools such as Jenkins in just a few steps.
- For effective vulnerability management, you can also use third-party issue trackers such as Jira, GitLab, GitHub, TFS, Bugzilla, and Mantis.
- For some issue trackers, Acunetix also offers two-way integration, where the issue tracker may automatically trigger additional scans depending on the issue state.
- Acunetix offers its own API that you can use to connect to other security controls and software developed by third parties or in-house.
- In the case of enterprise customers, Acunetix technical experts will help you integrate the tool within atypical environments.
Network Security Scanning
Acunetix is available in versions suited to different customer needs. It can be deployed locally on Linux, macOS, and Microsoft Windows operating systems. You can also use it as a cloud product to save your local resources.
- In addition to web application vulnerabilities, such as SQL Injections and Cross-site Scripting (XSS), Acunetix helps you discover other security threats. This includes web server configuration issues or misconfigurations, unprotected assets, malware, and other security threats listed in the OWASP Top 10.
- To protect your key assets, you can use the unique AcuSensor IAST technology for PHP, Java, or .NET. This technology helps you remediate by making it easier to pinpoint the cause of the security hole.
- Acunetix is integrated with the OpenVAS open-source tool. This network security scanner helps you scan your IP address ranges to discover open ports and other security vulnerabilities specific to network devices. You can handle your web and network vulnerabilities together using a single dashboard.
Information Security Testing
In addition to an Acunetix scan, you can and you should follow up with further manual tests done using command-line and GUI-based penetration testing tools.
- While Acunetix tests for weak passwords using its own or supplied dictionary, you may attempt additional manual password cracking, for example, using a password cracker such as John the Ripper or THC Hydra.
- Acunetix does not test WiFi security. Therefore, you may need to use other tools, such as aircrack-ng, to check, for example, for WEP/WPA vulnerabilities.
- For further manual web and network traffic tests, you can use free manual pentesting tools and open-source tools such as packet analyzers, sniffers, brute force tools, testing frameworks, open port scanning tools, network mappers, and more. Some examples of such penetration testing tools are: Kali Linux, Zed Attack Proxy (ZAP), w3af, Nmap, Metasploit, Wireshark, Burp Suite, sqlmap, and more.
Acunetix Standard, Premium and 360
Acunetix Standard is a web vulnerability scanner, which automatically tests your website to see if it can be hacked. The scanner performs mock attacks in a safe way, shows you how a malicious hacker could potentially access your systems, and explains how you can prevent real attacks. This is the best way to protect yourself against common web threats.
- Acunetix Premium brings you all the benefits of Acunetix Standard with a lot of added value. The Premium edition is primarily intended for medium-to-large organizations that need to secure a large number of websites and web applications and/or want to incorporate web security scanning in their DevOps and issue management infrastructures.
- Acunetix 360 is an enterprise-class web vulnerability assessment and web vulnerability management solution. Acunetix 360 is designed to be a part of any enterprise environment by providing multiple integrations as well as options to integrate within custom contexts.
The full feature list for all of the above versions is given below so that you can choose the one that is most suitable for you:
Architecture and Scale | Standard | Premium | Acunetix 360 |
---|---|---|---|
Unlimited Web Scanning | ✔ | ✔ | ✔ |
Multi-user | ✔ | ✔ | |
Single Sign On | ✔ | | |
User Roles and Privileges | ✔ | ✔ | |
Multiple Scan Engines | ✔ | ✔ | |
Hybrid Environment Installation (online/on-premises) | ✔ | | |
Number of Users | 1 | Unlimited | Unlimited |
Max Number of Scan Engines | 1 | Unlimited | Unlimited |
Delivery | On-premises | Hosted or On-premises | Hosted and/or On-premises |
Acunetix Vulnerability Assessment Engine | Standard | Premium | Acunetix 360 |
Scanning for 6500+ web application vulnerabilities | ✔ | ✔ | ✔ |
Scanning for 50,000+ network vulnerabilities | ✔ | | |
Acunetix DeepScan Crawler | ✔ | ✔ | ✔ |
Acunetix AcuSensor (IAST Vulnerability Testing) | ✔ | ✔ | |
Acunetix AcuMonitor (Out-of-band Vulnerability Testing) | ✔ | ✔ | ✔ |
Acunetix Login Sequence Recorder | ✔ | ✔ | |
Acunetix Business Logic Recorder | ✔ | ✔ | |
Manual Intervention during Scan | ✔ | ✔ | |
Malware URL Detection | ✔ | ✔ | |
Scanning of Online Web Application Assets | ✔ | ✔ | ✔ |
Scanning of Internal Web Application assets | ✔ | ✔ | ✔ |
Key Reports and Vulnerability Severity Classification | Standard | Premium | Acunetix 360 |
Key Reports (Affected Items, Quick, Developer, Executive) | ✔ | ✔ | ✔ |
OWASP TOP 10 Report | ✔ | ✔ | ✔ |
CVSS (Common Vulnerability Scoring System) for Severity | ✔ | ✔ | ✔ |
Remediation Advice | ✔ | ✔ | ✔ |
Compliance Reports* | ✔ | ✔ | |
Centralized Management and Extensibility | Standard | Premium | Acunetix 360 |
Dashboard | ✔ | ✔ | ✔ |
Scheduled Scanning | ✔ | ✔ | ✔ |
Notifications | ✔ | ✔ | ✔ |
Continuous Scanning | ✔ | ✔ | |
Target Groups | ✔ | ✔ | |
Assign Target Business Criticality | ✔ | | |
Prioritize by Business Criticality | ✔ | | |
Role-Based Access Controls | ✔ | ✔ | |
Trend Graphs | ✔ | ✔ | |
WAF Virtual Patching** | ✔ | ✔ | |
Issue Tracker Integration (Jira, Azure DevOps, GitHub, GitLab, Bugzilla, Mantis) | ✔ | ✔ | |
Jenkins Plug-in Integration | ✔ | ✔ | |
CI/CD Integration (TeamCity, Azure, GitLab, ServiceNow) | ✔ | | |
Advanced CI/CD Integration (TeamCity, Bamboo, Azure DevOps, GitLab) | ✔ | | |
Advanced Issue Tracker Integration (FogBugz, GitLab, Unfuddle, ServiceNow, Bitbucket, Zapier) | ✔ | | |
Integration APIs | ✔ | ✔ | |
Slack integration | ✔ | | |