Acunetix is a global web security leader. As the first company to build a fully dedicated and fully automated web vulnerability scanner, Acunetix carries unparalleled experience in the field. The Acunetix web vulnerability scanner has been recognized as a leading solution multiple times. It is also trusted by customers from the most demanding sectors including many fortune 500 companies.
Nick Galea founded Acunetix in 2005. At this time, many enterprises did not see the need to secure their web applications. Instead, they focused on protecting the network. Acunetix were the pioneers who realized that this is not enough because network scanners and firewalls are helpless against most web vulnerabilities. The solution was to develop an automated tool used to scan web applications to identify and resolve security issues.
Since then, Acunetix grew as both the company and the product. The vulnerability scanner was originally developed for Windows only. In 2014, Acunetix launched an online (cloud) solution, in 2018 – a Linux version, and in 2019 – Acunetix 360 for enterprises. In 2018, the company was acquired by Turn/River Capital.
Acunetix is a fully automated tool that frees up your security team resources. Acunetix reports very few false positives so your team does not waste time trying to find nonexistent issues.
Acunetix can detect vulnerabilities that other technologies would miss because it combines the best of dynamic and static scanning technologies and uses a separate monitoring agent.
Acunetix provides vulnerability management and compliance reporting functionality. You can classify, prioritize, and retest issues. You can also integrate with issue trackers and continuous integration solutions.
Acunetix On Premise
Acunetix On Premise scans, detects and
reports on over 3000 web application vulnerabilities. It fully supports
HTML5 and JavaScript and AJAX-heavy websites, allowing auditing of complex,
authenticated applications. Acunetix detects all variants of SQL Injection
and XSS vulnerabilities and can automatically detect out-of-band
vulnerabilities. Also includes integrated vulnerability management features
to extend the enterprise’s ability to comprehensively manage, prioritise and
control vulnerability threats ordered by business criticality.
Key Features:
DeepScan Technology allows accurate
crawling of AJAX-heavy client-side Single Page Applications (SPAs) that
leverage complex technologies such as SOAP/WDSL, SOAP/WCF, WADL, XML,
JSON, Google Web Toolkit (GWT) and CRUD operations
A Login Sequence Recorder that allows
the automatic crawling and scanning of complex password protected areas
including multi-step, Single Sign-On (SSO) and OAuth-based websites
Easily generate a wide variety of
technical and compliance reports
Multi-threaded, lightning fast crawler
and scanner that can crawl hundreds of thousands of pages without
interruptions
For Windows and Linux
Why Choose Acunetix?
Acunetix is the pioneer in web security, being the first company to create a specialized web vulnerability scanner. Pure specialization and unparalleled expertise allowed our team to deliver unique solutions that have proven themselves in many environments.
Acunetix Online now enjoying all the features and benefits found in Acunetix On Premise, including: Integrated vulnerability management, greater manageability of threats and targets and the integration of popular WAFs and Issue Tracking systems. Acunetix Online also features a brand new UI for greater ease-of-use and manageability.
Web-based user interface
The user interface has been re-designed with a fresh new look, bringing it inline with Acunetix On Premise. The Acunetix Online UI is designed to make it easier for customers to use, by focusing on the core functionality of the product, introducing filtering options, and improving manageability of Targets.
All lists can be filtered (Targets, Scans, Vulnerabilities and Reports).
Increased configuration options (Excluded Hours, Excluded Paths, custom User Agent strings, client certificates and more).
Pre-seed crawls using a list of URLs, Acunetix Sniffer Log, Fiddler SAZ files, Burp Suite saved and state files, and HTTP Archive (HAR) files.
Targets and Vulnerabilities configured by business criticality
Business Criticality can now be assigned to Targets, enabling customers
to immediately identify and address vulnerabilities on critical servers.
Vulnerabilities identified on all Targets are shown in one list
Vulnerability list can be filtered by Target, Business Criticality,
Vulnerability, Vulnerability Status and CVSS.
Vulnerability can be grouped by Target Business Criticality and
Vulnerability Severity.
Integration with popular WAFs and Issue Tracking Systems
Vulnerabilities can now be exported to one of the supported WAFs (F5
Big-IP ASM, Fortinet FortiWeb and Imperva SecureSphere). This allows the
user to implement a virtual patch in the WAF, until a fix addressing the
vulnerability is installed. Scan results can also be exported to the
Acunetix generic XML for integration with other WAFs or 3rd party systems.
Acunetix Online also supports exporting vulnerabilities to either
Atlassian JIRA, GitHub or Microsoft Team Foundation Server (TFS), allowing
development teams to better keep track of vulnerabilities in their issue
tracking systems.
Mark Vulnerabilities as Fixed or False Positives
With the ability to mark vulnerabilities as False Positive,
Fixed or Ignored, users can now get rid of false positives
from upcoming scans and reports. While any fixed vulnerabilities that are
identified by Acunetix will be shown as Rediscovered. The user is given the
option of accepting the risk of a vulnerability by marking the vulnerability
as Ignored.
Custom Scan Types
Apart from using the default Scan Types included in Acunetix, Acunetix
Online users are now able to choose which specific vulnerabilities to scan
for. This is made possible through the creation of Custom Scan Types. For
example, a Custom Scan Type can be created to scan Targets for a recently
discovered vulnerability.
Enhanced Reporting
Acunetix Online now allows reports to be generated on:
Individual or multiple Scans,
Individual or multiple Targets,
Individual, multiple or all the Vulnerabilities identified by
Acunetix.
There is also the introduction of a Scan Comparison report which
highlights the differences between 2 scans, allowing the user to easily
identify the new vulnerabilities in the latest scans, or the vulnerabilities
that have not been detected, which could mean that they are fixed. Reports
are now available in both PDF and HTML.
Network Security Scanning
Acunetix Online provides a comprehensive perimeter network security
scanning service by integrating with the latest OpenVAS network
vulnerability scanning engine (v9). Acunetix Online can now detect in excess
of 50,000 network vulnerabilities.
Added functionality for Acunetix Integrators
Acunetix have added a new API that may be used by system integrators,
exposing all the functionality available in Acunetix. The API is able to
provide up-to-the-minute status of on-going scans together with information
on vulnerabilities identified for these scans.