(網路漏洞掃瞄)Acunetix Web Vulnerability Scanner Consultant Edition 9.0.20140505

【文章內容】:

網站的安全性可能是當今最容易被忽視的安全企業方面,應該是在任何組織的首要任務。基於Web的應用程式黑客正在集中精力 - 購物車,表單,登入頁面,動態內容等Web應用程式都可以訪問一個星期,每天24小時,7天,並控制有價值的資料,因為他們往往直接訪問後端資料如客戶資料庫。防火牆, SSL和鎖定的伺服器是徒勞的針對Web應用黑客在網路安全層級的任何防禦將不提供保護,防止Web應用程式的攻擊,因為它們是在連接埠80上推出的 - 它有保持開放。此外,Web應用程式通常是量身定制的,因此測試不到現成的,現成的軟體,而且更容易有未被發現的漏洞。 WVS的Acunetix會自動檢查你的web應用程式的SQL注入,跨站腳本和其他網路漏洞。

Acunetix網路漏洞掃瞄器審核您的網站的安全性


如果Web應用程式是不安全的,那麼的敏感訊息你的整個資料庫處於嚴重的風險。為什麼呢?

‧網站和關聯Web應用程式必須提供24×7提供所需的服務於客戶,員工,提供者和其他利益關聯者
‧防火牆和SSL不提供保護,防止web應用程式的黑客,僅僅是因為訪問該網站已被公開
‧ Web應用程式通常可以直接訪問後端資料,如客戶資料庫,因此,控制寶貴的資料更難以確保
‧自訂應用程式更容易受到攻擊,因為它們涉及到一個較小的程度的測試比現成的,現成的軟體
‧黑客喜歡,因為獲得的巨大收益辛勤的銷售資料訪問敏感資料。

在深入檢查SQL注入,跨站台腳本(XSS )和其他漏洞


檢查Acunetix為所有Web漏洞,內含SQL注入,跨站腳本等。 SQL注入是一種黑客技術,它會修改SQL指令,以訪問資料庫中的資料。跨站台腳本攻擊容許黑客在你的訪問者的瀏覽器執行惡意腳本。

檢驗這些漏洞,需要一個複雜的檢驗引擎。派拉蒙對Web漏洞掃瞄是不是攻擊一台掃瞄器可以檢驗的數量,但複雜性和徹底性與掃瞄器啟動SQL注入,跨站腳本和其他攻擊。擁有Acunetix漏洞檢驗引擎的狀態,很快就找到漏洞與誤報數量。它也位於CRLF注入,代碼執行,目錄遍歷,檔案包括和驗證的漏洞。

掃瞄AJAX和Web 2.0技術的漏洞


最先進的JavaScript分析器容許你全面掃瞄最新的和最複雜的AJAX / Web 2.0的Web應用程式,並找到漏洞的狀態。

詳細報告可讓您滿足法律及監管合規

它內含一個廣泛的報告模組,可以生成顯示你的Web應用程式是否符合新的VISA PCI資料合規性要求的報告。

分析了針對谷歌黑客資料庫網站


在谷歌黑客資料庫( GHDB )是黑客用來確定在您的網站,如門戶網站的登入頁面,網路安全訊息日誌等敏感資料的查詢的資料庫。推出Acunetix的谷歌黑客資料庫查詢到你的網站的抓取內容,並確定了「搜尋引擎黑客」之前做敏感資料或利用的目的。

內含先進的滲透測試工具

除了它的自動掃瞄引擎,包括Acunetix先進的工具,使滲透測試人員來微調Web應用程式的安全檢查:

‧ HTTP編輯器 - 有了這個工具,你可以輕鬆地構建HTTP / HTTPS請求並分析Web伺服器的響應。
‧ HTTP嗅探器 - 攔截,記錄和修改所有的HTTP / HTTPS流量,並揭示了一個Web應用程式傳送的所有資料
‧ HTTP的Fuzzer - 執行緩衝區溢出和輸入驗證複雜的測試。數以千計的測試輸入變量與容易使用HTTP的fuzzer的規則生成器。這將需要數天來手動進行測試,現在可以在幾分鐘內完成。
‧建立定制的攻擊或修改現有的網路漏洞編輯器

測試密碼保護區和網頁表單的自動HTML表單填充物

Acunetix網路漏洞掃瞄器能夠自動填寫網頁表單和驗證對網路登入。大多數Web漏洞掃瞄器是無法做到這一點,或是需要複雜的腳本來測試這些頁面。不帶這樣的Acunetix :使用巨集錄製工具,您可以錄製登入或是填寫表單程式和存儲序列。然後,掃瞄器可以在掃瞄過程中重播這個序列,並自動填寫網頁表單或登入到受密碼保護的區功能變數。

 

attachments/201405/6905632582.jpg


--------------------------------------------------------------------------------
【文章標題】:(網路漏洞掃瞄)Acunetix Web Vulnerability Scanner Consultant Edition 9.0.20140505
【文章作者】: EDM設計_電子報E-Mail廣告行銷教學密訓基地
【作者信箱】: ster168ster@gmail.com
【作者首頁】: http://por.tw/edm/
【EDM設計_電子報E-Mail廣告行銷教學課程】: http://por.tw/edm/edm_Marketing/index.php
【基地主機】: http://goto1688.com/edm/
【版權聲明】: (原創)EDM設計_電子報E-Mail廣告行銷教學密訓基地,轉載必須保留完整標頭。刪除者依法追究!
--------------------------------------------------------------------------------
Acunetix Web Vulnerability Scanner Consultant Edition 9.0.20140505

Website security is possibly today's most overlooked aspect of securing the enterprise and should be a priority in any organization. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Web applications are accessible 24 hours a day, 7 days a week and control valuable data since they often have direct access to backend data such as customer databases. Firewalls, SSL and locked-down servers are futile against web application hacking Any defense at network security level will provide no protection against web application attacks since they are launched on port 80 - which has to remain open. In addition, web applications are often tailor-made therefore tested less than off-the-shelf software and are more likely to have undiscovered vulnerabilities. Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.

Audit your web site security with Acunetix Web Vulnerability Scanner

If web applications are not secure, then your entire database of sensitive information is at serious risk. Why?

• Websites and related web applications must be available 24 x 7 to provide the required service to customers, employees, suppliers and other stakeholders
• Firewalls and SSL provide no protection against web application hacking, simply because access to the website has to be made public
• Web applications often have direct access to backend data such as customer databases and, hence, control valuable data and are much more difficult to secure
• Custom applications are more susceptible to attack because they involve a lesser degree of testing than off-the-shelf software
• Hackers prefer gaining access to the sensitive data because of the immense pay-offs in selling the data.

In depth checking for SQL Injection, Cross Site Scripting (XSS) and Other Vulnerabilities

Acunetix checks for all web vulnerabilities including SQL injection, Cross site scripting and others. SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser.

Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with the scanner launches SQL injection, Cross Site scripting and other attacks. Acunetix has a state of the art vulnerability detection engine which quickly finds vulnerabilities with a low number of false positives. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion and Authentication vulnerabilities.

Scan AJAX and Web 2.0 technologies for vulnerabilities

The state of the art javascript analyzer allows you to comprehensively scan the latest and most complex AJAX / Web 2.0 web applications and find vulnerabilities.

Detailed reports enable you to meet Legal and Regulatory Compliance

Acunetix Web vulnerability scanner includes an extensive reporting module which can generate reports that show whether your web applications meet the new VISA PCI Data Compliance requirements.

Analyzes your site against the Google Hacking Database

The Google Hacking Database (GHDB) is a database of queries used by hackers to identify sensitive data on your website such as portal logon pages, logs with network security information, and so on. Acunetix launches the Google hacking database queries onto the crawled content of your web site and identifies sensitive data or exploitable targets before a “search engine hacker” does.

Advanced penetration testing tools included

In addition to its automated scanning engine, Acunetix includes advanced tools to allow penetration testers to fine tune web application security checks:

• HTTP Editor - With this tool you can easily construct HTTP/HTTPS requests and analyze the web server response.
• HTTP Sniffer - Intercept, log and modify all HTTP/HTTPS traffic and reveal all data sent by a web application
• HTTP Fuzzer - Performs sophisticated testing for buffer overflows and input validation. Test thousands of input variables with the easy to use rule builder of the HTTP fuzzer. Tests that would have taken days to perform manually can now be done in minutes.
• Create custom attacks or modify existing ones with the Web Vulnerability Editor

Test password protected areas and web forms with Automatic HTML form filler

Acunetix Web Vulnerability Scanner is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test these pages. Not so with Acunetix: Using the macro recording tool you can record a logon or form filling process and store the sequence. The scanner can then replay this sequence during the scan process and fill in web forms automatically or logon to password protected areas.


(網路漏洞掃瞄)Acunetix Web Vulnerability Scanner Consultant Edition 9.0.20140505 | Home Page - http://www.acunetix.com

(網路漏洞掃瞄)Acunetix Web Vulnerability Scanner Consultant Edition 9.0.20140505 : 34.3 MB
--------------------------------------------------------------------------------
【EDM設計_電子報E-Mail廣告行銷】你在摸索如何Mail廣告行銷做生意嗎?有【技術顧問服務】可諮詢嗎?
當問題無法解決你要發很多時間處理(或許永遠找出答案)那就是自己摸索Mail廣告行銷痛苦的開始!
購買【電子報E-Mail廣告行銷教學】函授課程錄影DVD課程,就可獲得【電子報廣告行銷】技術【顧問諮詢服務】!

標籤: 軟體評鑑
評論: 0 | 引用: 0 | 閱讀: 1671