Web applications - a chink in your armour

Released on = July 13, 2006, 4:51 am

Press Release Author = Tamara Borg / Acunetix

Industry = Software

Press Release Summary = Secure your web applications against SQL injection, XSS and
other vulnerabilities with Acunetix WVS 4.0

Press Release Body = London, UK - 13 July, 2006 - Acunetix, a leading web security
software company, today announced the release of Acunetix Web Vulnerability Scanner
version 4. This latest version provides a more comprehensive solution for
enterprises wanting to detect exploitable website and web application
vulnerabilities such as SQL Injection and Cross Site Scripting.

"This release comes at a time when hackers are launching more aggressive attacks on
web applications. Some hackers have successfully compromised the websites of large
companies such as Microsoft and Paypal and even accessed very personal and highly
sensitive data of thousands of victims through government websites." says Nick
Galea, CEO of Acunetix."

Acunetix Web Vulnerability Scanner provides protection by automatically auditing the
security of websites. The software crawls an entire website, launches several web
attacks (SQL Injection, Cross Site Scripting, Google hacking, etc.) and identifies
vulnerabilities that need to be fixed, while proposing recommendations.

Web Applications: a hacker's backdoor entry to sensitive information

\"Increasingly, businesses are becoming aware of the importance of securing websites
to prevent hackers from gaining access to sensitive customer data, through poorly
designed web applications. These web applications are prone to attack because they
are accessible 24x7 and receive/deliver content directly from databases containing
the data," reports Galea. "Standard network security provides no protection against
web application attacks since these are launched on port 80 which has to remain open
to allow regular operation of the business," he adds.

Chinks in the Armour

78% of financial services institutions (including banks, insurers and investment
professionals) were attacked by hackers in the past year, according to Deloitte\'s
annual 2006 Global Security Survey. This is in stark contrast with only 26% reported
in 2005.
* In June this year, an unknown number of PayPal users were tricked into giving away
social security numbers, credit card details and other highly sensitive personal
information. Hackers deceived their victims by injecting and running malicious code
on the genuine PayPal website by using the Cross Site Scripting technique.
* Security researcher, Yash Kadakia, announced that Cross Site Scripting and CRLF
(Carriage Return Line Feed) injection vulnerabilities found in MSN and Amazon sites
could be used by hackers to gain access to Amazon.com and MSN accounts, or to
display a fake login page for use in phishing attacks.

"The dramatic rise in web application hacks is denting online purchasing confidence
and causing irreversible damage to businesses," remarks Galea. "That is why we are
offering free security audits to any business with an online presence."

Acunetix WVS: New Features

The new Acunetix Web Vulnerability Scanner broadens the scope of vulnerability
scanning by introducing advanced and highly rigorous heuristic technologies to
tackle the complexities of today\'s web-based environments.

Javascript / AJAX application security scanning

Version 4 now adds the ability to check AJAX applications for security
vulnerabilities. AJAX applications offer tremendous possibilities for extending the
use of web applications, however they also require more stringent security checks.
Acunetix WVS 4 now includes the industry's most advanced JavaScript analyzer to help
companies keep their AJAX applications secure.

Other new new features include: Command Line Support, URL Rewrites, Custom Cookies
Support and Enhanced Search, Scheduling, Logging and Reporting

Acunetix provides free audit to help companies determine the security of their websites

Enterprises who would like to have their website security checked can register for a
free audit by visiting www.acunetix.com/security-audit. Participating enterprises
will receive a summary audit report showing whether their website is secure or not.
Summary reports will be delivered within five business days of submission.

Pricing & Availability

Acunetix WVS is available as an enterprise or as a consultant version. A perpetual
license to scan 1 website can be purchased for as little as $1,495, whereas a
perpetual license to scan an unlimited amount of websites costs $4,995. For more
information visit: http://www.acunetix.com/ordering/pricing.htm.

About Acunetix

Acunetix was founded to combat the alarming rise in web attacks. Its flagship
product, Acunetix Web Vulnerability Scanner, is the result of several years of
development by a team of highly experienced security developers. Acunetix is a
privately held company with headquarters based in Europe (Malta), a US office in
Seattle, Washington and an office in London, UK. For more information about
Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

All product and company names herein may be trademarks of their respective owners.


Web Site = http://www.acunetix.com/news/wvs4release.htm

Contact Details = For more information:
Please email Tamara Borg: tamara@acunetix.com
Acunetix Ltd: Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.
URL: http://www.acunetix.com

  • Printer Friendly Format
  • Back to previous page...
  • Back to home page...
  • Submit your press releases...
  •