contents

software
 
Web Applications: a Chink in Your Armour?

Acunetix has announced the release of Acunetix Web Vulnerability Scanner version 4. This latest version provides a more comprehensive solution for enterprises wanting to detect exploitable website and web application vulnerabilities such as SQL Injection and Cross Site Scripting.

Acunetix Web Vulnerability Scanner provides protection by automatically auditing the security of websites. The software crawls an entire website, launches several web attacks (SQL Injection, Cross Site Scripting, Google hacking, etc.) and identifies vulnerabilities that need to be fixed, while proposing recommendations.

78% of financial services institutions (including banks, insurers and investment professionals) were attacked by hackers in the past year, according to Deloitte's annual 2006 Global Security Survey. This is in stark contrast with only 26% reported in 2005.
* In June this year, an unknown number of PayPal users were tricked into giving away social security numbers, credit card details and other highly sensitive personal information. Hackers deceived their victims by injecting and running malicious code on the genuine PayPal website by using the Cross Site Scripting technique.
* Security researcher, Yash Kadakia, announced that Cross Site Scripting and CRLF (Carriage Return Line Feed) injection vulnerabilities found in MSN and Amazon sites could be used by hackers to gain access to Amazon.com and MSN accounts, or to display a fake login page for use in phishing attacks.

The new Acunetix Web Vulnerability Scanner broadens the scope of vulnerability scanning by introducing advanced and highly rigorous heuristic technologies to tackle the complexities of today's web-based environments.

Version 4 now adds the ability to check AJAX applications for security vulnerabilities. AJAX applications offer tremendous possibilities for extending the use of web applications, however they also require more stringent security checks. Acunetix WVS 4 now includes the industry's most advanced JavaScript analyzer to help companies keep their AJAX applications secure. Other new new features include: Command Line Support, URL Rewrites, Custom Cookies Support and Enhanced Search, Scheduling, Logging and Reporting.



write your comments about the article :: 2006 Computing News :: home page