Views
11 months ago

CSLATEST

product review ACUNETIX

product review ACUNETIX 11 With web sites now under a daily onslaught of attacks, businesses can't afford to be lax about security. Their very survival may depend on it when the EU GDPR (General Data Protection Regulations) come into force in May 2018, as any business that falls foul of these will be hit with punishing fines. Acunetix specialises in automated web application security and its latest web vulnerability scanner Acunetix 11 seems to be the perfect solution, as it offers some of the industry's highest detection rates. Available as both an on-premises and an online edition, it subjects your web sites and webapps to its advanced scanning techniques, tests for over 3,000 web vulnerabilities and prioritises them for simplified resolution. Along with a slick new web interface, the Enterprise edition introduces role-based users for enhanced vulnerability management. Multiple users can be assigned one of three roles, allowing security assessments and report generation tasks to be delegated across different divisions. We found the new web console very easy to use, with its dashboard presenting a clear overview of high, medium and low severity vulnerabilities. Beneath is a table showing your five most vulnerable targets, a listing alongside for the most common detected vulnerabilities and yearly trending views below. Basic web site scans take seconds to start as we entered the target URL, assigned one of four business criticality levels, chose from four scan speeds, picked a report type and let it go. We could also set the scan to run continuously, schedule it for regular daily, weekly, monthly or yearly intervals and add login credentials, if the web site required them. During the scan process, Acunetix' DeepScan technology crawls the web site, analyses all discovered links and builds a complete map of its structure. We used our own live sites for testing and found it returned a perfect view of our site structures. The scanner tests the web site by emulating a series of hacker attacks, and Acunetix' AcuSensor technology offers deeper scanning techniques for ASP .NET and PHP. Enabled on selected scan jobs, the console provides links for downloading the appropriate AcuSensor agent and installing it on the web site host. Once loaded, it retrieves a list of web sites on the target and, from its local Manager interface, you select which ones to use it on. Security is tight, as the agent is uniquely generated for the target host and password protected so it can only communicate with your console. The console's Target view lists all scanned web sites, along with a colour-coded grading system, so we could see at a glance which were safe or had low, medium or high risks associated with them. Clicking on the relevant colour block took us straight to the vulnerabilities page where Acunetix provided an in-depth explanation of the problem. It included a full impact assessment that highlighted precisely where the vulnerabilities were found. More importantly, it offered sage advice on how to close the security hole, with links to helpful tutorials and videos. Reporting is another key feature as, along with developer and executive summary options, you can configure the scan to produce detailed compliance reports for ISO 27001, HIPAA, SoX and many more. Selected targets can also be linked to the GitHub, Microsoft TFS and Atlassian JIRA issue trackers, allowing vulnerability alerts to be passed directly to development teams for swift resolution. Acunetix can also integrate into new and existing Jenkins Continuous Integration (CI) and Continuous Delivery workflows via its Jenkins plugin. With data protection regulations getting ever stricter, Acunetix' Web Vulnerability Scanner could be all that stands between business success and disaster. It delivers the toughest vulnerability scan technologies on the market, amalgamates them neatly into a single management console and delivers them all at a very affordable price. CS Product: Acunetix 11 Supplier: Acunetix UK Web site: www.acunetix.com Telephone: +44 (0)330 202 0190 Price: Pro Edition, 1 year subscription, €2,995 (euros) 20 computing security May/June 2017 @CSMagAndAwards www.computingsecurity.co.uk

VISIT THE WEBSITE TO DOWNLOAD THE AGENDA 11 -12 july, 2017 - hilton syon park hotel, london THE CYBER SECURITY EXCHANGE WILL BRING TOGETHER SENIOR INFORMATION SECURITY LEADERS FROM A NUMBER OF INDUSTRIES SUCH AS; FINANCIAL SERVICES, PHARMACEUTICALS, HEALTHCARE, AUTOMOTIVE AND RETAIL TO SEE WHAT BUSINESS CONTINUITY STRATEGIES ARE IN PLACE AND HOW SECURITY AWARENESS IS BEING PROMOTED ACROSS THEIR ORGANISATIONS. CHECK OUT SOME OF THE SPEAKERS: HEAD OF INFORMATION DEPUTY DIRECTOR, CYBER & GROUP DATA PRIVACY & SECURITY CONSULTANCY GOVERNMENT SECURITY INFORMATION SECURITY OFFICER WE'VE SURVEYED OUR NETWORK OF CISOS AND HEADS OF INFORMATION SECURITY TO DISCOVER WHAT THEIR KEY CHALLENGES AND PROJECTS ARE FOR THE UPCOMING 6 TO 12 MONTHS, PLUS WHAT SOLUTIONS AND SERVICES THEY ARE PLANNING TO INVEST IN TO HELP THEM OVERCOME THEIR CHALLENGES AND MEET THEIR GOALS. HERE ARE SOME OF THEIR PRIORITIES: IF YOUR CHALLENGES AND PRIORITIES ALIGN WITH ANY MENTIONED ABOVE, YOU'RE IN LUCK! COMPUTING SECURITY MAGAZINE READERS QUALIFY FOR A 20% DISCOUNT BY QUOTING CSCYBER17 CONTACT EXCHANGEINFO@IQPC.COM TO SECURE YOUR PLACE TODAY! *20% DISCOUNT ONLY APPLICABLE TO QUALIFYING DELEGATES AND YOU MUST BE A READER OF COMPUTING SECURITY MAGAZINE WWW.CYBERSECURITYEXCHANGEEUROPE.IQPC.CO.UK