Web Security - Acunetix Web Vulnerability Scanner

At BitWork Multimedia we do not just develop good websites and applications; we also understand that the security of your website is important. We therefore develop websites and applications with security taken into consideration from the design and development phase through the hosting process. For your current website, we have solutions to assist in auditing its security. Many corporate and organization websites have been hacked and defaced, causing embarrassment and damaging their public relations; that is where we can help with our security expertise.

Acunetix Web Vulnerability Scanner

BitWork Multimedia is the East Africa authorized reseller of the leading Web application security solution - Acunetix Web Vulnerability Scanner.

Features

The features of Acunetix Web Vulnerability Scanner include:

  • An automatic client script analyzer allowing for security testing of Ajax and Web 2.0 applications
  • The industry's most advanced and in-depth SQL injection and cross-site scripting testing
  • Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
  • Visual macro recorder makes testing web forms and password protected areas easy
  • Support for pages with CAPTCHA, single sign-on and two-factor authentication mechanisms
  • Extensive reporting facilities including VISA PCI compliance reports
  • Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
  • Intelligent crawler detects web server type and application language
  • Acunetix crawls and analyzes websites including flash content, SOAP and AJAX
  • Port scans a web server and runs security checks against network services running on the server
 
Scanned Vulnerabilities

Web Server Configuration Checks

  • Checks for Web Server Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
  • Verify Web Server Technologies
  • Vulnerable Web Servers
  • Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution”

Parameter Manipulation Checks

  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL Injection
  • Code Execution
  • Directory Traversal
  • File Inclusion
  • Script Source Code Disclosure
  • CRLF Injection
  • Cross Frame Scripting (XFS)
  • PHP Code Injection
  • XPath Injection
  • Path Disclosure (Unix and Windows)
  • LDAP Injection
  • Cookie Manipulation
  • Arbitrary File creation (AcuSensor Technology)
  • Arbitrary File deletion (AcuSensor Technology)
  • Email Injection (AcuSensor Technology)
  • File Tampering (AcuSensor Technology)
  • URL redirection
  • Remote XSL inclusion
  • DOM XSS
  • MultiRequest Parameter Manipulation: Blind SQL/XPath Injection
  • Input Validation
  • Buffer Overflows
  • Sub-Domain Scanning

File Checks

  • Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories)
  • Cross Site Scripting in URI
  • Checks for Script Errors

File Uploads

  • Unrestricted File uploads Checks
  • Directory Checks
  • Looks for Common Files (such as logs, traces, CVS)
  • Discover Sensitive Files/Directories
  • Discovers Directories with Weak Permissions
  • Cross Site Scripting in Path and PHPSESSID Session Fixation.
  • Web Applications
  • HTTP Verb Tampering

Text Search

  • Directory Listings
  • Source Code Disclosure
  • Check for Common Files
  • Check for Email Addresses
  • Microsoft Office Possible Sensitive Information
  • Local Path Disclosure
  • Error Messages
  • Trojan Shell Scripts (such as popular PHP shell scripts like r57shell, c99shell etc)

Weak Password Checks

  • Weak HTTP Passwords
  • Authentication attacks
  • Weak FTP passwords

Google Hacking Database (GHDB)

  • Over 1200 Google Hacking Database Search Entries

Port Scanner and Network Alerts

  • Finds All Open Ports on Servers
  • Displays Network Banner of Port
  • DNS Server Vulnerability: Open Zone Transfer
  • DNS Server Vulnerability: Open Recursion
  • DNS Server Vulnerability: Cache Poisoning
  • Finds List of Writable FTP Directories
  • FTP Anonymous Access Allowed
  • Checks for Badly Configured Proxy Servers
  • Checks for Weak SNMP Community Strings
  • Finds Weak SSL Ciphers
 
Pricing

Small Business Edition: 1 nominated Website

The Small Business Edition is extended to those organizations owning and operating one website installed on a single server. Ideal for small businesses, this edition allows you to scan 1 nominated website and cannot be used to scan sites of customers or third parties.

Code Description Cost
WVSE1P Perpetual License $ 1,445
WVSE1MA Optional Maintenance Agreement (includes free software version upgrades, as well as email and phone support) $ 375

Enterprise Edition: Unlimited Websites

The Enterprise Edition is extended to those organizations owning and operating more than one website.  Ideal for larger organizations, this allows you to scan an unlimited number of websites and cannot be used to scan sites of customers or third parties.

Code Description Cost
WVSC1Y 1 year Subscription License $ 3,195
WVSE1P Perpetual License $ 4,995
WVSE1MA Optional Maintenance Agreement (includes free software version upgrades, as well as email & phone support) $ 1,000

Consultant Edition: Unlimited Websites

The Consultant Edition is extended to those organizations scanning any number of websites owned by their customers to provide them with penetration testing and vulnerability assessment services. Ideal for Security Consultants, Web Development Agencies and ISPs, this Edition also contains the Vulnerability Editor that allows you to create specific types of assessment tests and reports.  The Consultant's Edition also allows you to personalize your reports by adding your own logo.

Code Description Cost
WVSC1Y 1 year Subscription License $ 3,995
WVSE1P Perpetual License $ 6,350
WVSE1MA Optional Maintenance Agreement (includes free software version upgrades, as well as email & phone support) $ 1,000
 

 