contents | software | |||||||
| Can You Afford to Pay $500K in Fines? The PCI Compliancy Standard requires any company that has a website and does business online, to ensure their web site and web applications are secure. Penalties for noncompliance range from fines of up to $500,000, to increased auditing requirements or even losing the ability to process credit card transactions. Acunetix has announced the release of Acunetix Web Vulnerability Scanner v5 which includes an extensive compliancy reporting tool amongst others, to aid companies achieve PCI compliancy. Acunetix WVS v.5 helps meet the following PCI requirements: • (Requirement 2.2.4) Remove all unnecessary functionality; • (Requirement 2.3) Encrypt all non-console administrative access; • (Requirement 4) Encrypt transmission of cardholder data across open, public networks; • (Requirement 6) Develop and maintain secure systems and applications; • (Requirement 6.5.1) Unvalidated Input; • (Requirement 6.5.2) Broken Access Control; • (Requirement 6.5.3) Broken Authentication and Session Management; • (Requirement 6.5.4) Cross Site Scripting (XSS) Flaws; • (Requirement 6.5.5) Buffer Overflows; • (Requirement 6.5.6) Injection Flaws; • (Requirement 6.5.7) Improper Error Handling; • (Requirement 6.5.8) Insecure Storage; • (Requirement 6.5.9) Denial of Service; • (Requirement 6.5.10) Insecure Configuration Management. Other important new features: - Acunetix Reporter - The Acunetix Reporter is a separate application which provides centralized control over all reporting and documentation needs. The Reporter allows single-click reporting capability and features multiple reporting formats such as vulnerability and developer reports, compliance (including The Health Insurance Portability and Accountability Act (HIPAA), OWASP TOP 10 2004, OWASP TOP 10 2007, Payment Card Industry (PCI), Sarbanes Oxley Act of 2002, Web Application Security Consortium: Threat Classification), comparison, and also statistical reports. The Reporter allows reports to be exported as PDF, RTF, HTML, BMP, and PRN formats. - Web Services Scanner - Many organizations are implementing the Web Services architecture to increase the availability of information and to improve process executions of the internet. Web Services, like any other internet-dependent system, presents new exploit possibilities and increases the need for security audits. The Web Services Scanner performs automated vulnerability scans for Web Services and generates detailed security reports from the results. - Web Services Editor - Allows the importing of an online or local WSDL and the sending of custom operation inputs over the ServiceSOAP ports. Also includes in depth analysis of the WSDL structure, containing parameters in the XML schema and the various operations over the SOAP service ports. - Subdomain Scanner - Automatically scans a top-level domain to locate any subdomains configured in its hierarchy by using the target domain's DNS server, or by specifying one manually. Any subdomains discovered can be scanned for vulnerabilities from within the tool itself, or imported directly into the HTTP Editor for further analysis through custom requests. write your comments about the article :: © 2007 Computing News :: home page |