Acunetix web vulnerability scanner linux

Acunetix Vulnerability Scanner

Improve Your Web Application Security with the Acunetix Vulnerability Scanner

Acunetix is not just a web vulnerability scanner. It is a complete web application security testing solution that can be used both standalone and as part of complex environments. It offers built-in vulnerability assessment and vulnerability management, as well as many options for integration with market-leading software development tools. By making Acunetix one of your security measures, you can significantly strengthen your cybersecurity stance and eliminate many security risks at a low resource cost.

Automate and Integrate Your Vulnerability Management

To save resources, ease remediation, and avoid late patching, enterprises often aim to include web vulnerability tests as part of their SecDevOps processes. Acunetix is one of the best DAST tools for such a purpose due to its efficiency in both physical and virtual environments.

  • Acunetix integrations are designed to be easy. For example, you can integrate Acunetix scans in your CI/CD pipeline with tools such as Jenkins in just a few steps.
  • For effective vulnerability management, you can also use third-party issue trackers such as Jira, GitLab, GitHub, TFS, Bugzilla, and Mantis. For some issue trackers, Acunetix also offers two-way integration, where the issue tracker may automatically trigger additional scans depending on the issue state.
  • Acunetix offers its own API that you can use to connect to other security controls and software developed by third parties or in-house. In the case of enterprise customers, Acunetix technical experts will help you integrate the tool within atypical environments.

Trust the Most Mature and Fastest Vulnerability Scanning Tool

Acunetix is the first web security scanner on the market and has been constantly improved since 2005. It is a highly mature, specialized tool developed by web security testing experts. Such specialization made it possible to build a solution that is more effective than many bundled tools.

  • The Acunetix vulnerability scanning engine is written in C++, making it one of the fastest web security tools on the market. This is especially important when scanning complex web applications that use a lot of JavaScript code. Acunetix also uses a unique scanning algorithm – SmartScan, with which you can often find 80% of vulnerabilities in the first 20% of the scan.
  • The speed goes in line with very high vulnerability discovery effectiveness. Acunetix is also known for its very low false-positive rate, which helps you save resources during further penetration testing and lets your analysts focus on new vulnerabilities. Acunetix also provides proof of exploit for many vulnerabilities.
  • To increase scanning efficiency, you can use multiple scanning engines deployed locally. Engines can work both with the Acunetix on-premises and cloud version.

Get Added Value Including Network Security

Acunetix is available in versions suited to different customer needs. It can be deployed locally on Linux, macOS, and Microsoft Windows operating systems. You can also use it as a cloud product to save your local resources.

  • In addition to web application vulnerabilities, such as SQL Injections and Cross-site Scripting (XSS), Acunetix helps you discover other security threats. This includes web server configuration issues or misconfigurations, unprotected assets, malware, and other security threats listed in OWASP Top 10.
  • To protect your key assets, you can use the unique AcuSensor IAST technology for PHP, Java, or .NET. This technology helps you remediate by making it easier to pinpoint the cause of the security hole.
  • Acunetix is integrated with the OpenVAS open-source tool. This network security scanner helps you scan your IP address ranges to discover open ports and other security vulnerabilities specific to network devices. You can handle your web and network vulnerabilities together using a single dashboard.

Frequently asked questions

Why do I need vulnerability scanning?

Vulnerability scanning is the only automatic way to protect your website or web application from malicious hacker attacks. In addition, you should do manual penetration testing after a vulnerability scan. You should use web application firewalls only as temporary protection before you can fix vulnerabilities.

What does a vulnerability scanner do?

A vulnerability scanner sends special data to your website or web application – the type of data that a malicious hacker would send. However, it does it in a safe way. If the response from your website or web application shows that it can be hacked, the vulnerability scanner reports it to you and tells you how to fix it.

How often should you run a vulnerability scan?

You should scan your website or web application every time that you change it. However, if you use ready-made web applications such as WordPress, some plugins may be updated automatically and you do not always know if someone else is introducing changes. Therefore, we recommend that you run a full scan every week and a quick scan (incremental scan and/or high severity scan) every day.

Which is the best vulnerability scanner?

We believe that Acunetix is the best vulnerability scanner because it is the most automated, the most efficient, and the most accurate scanner on the market. If you want to find out for yourself, test it along with other scanners.


Installing Acunetix

Minimum System Requirements

  • Supported operating systems:
      • Microsoft Windows 8.1 or Windows 2012 R2 and later
      • MacOS Catalina and MacOS Big Sur
      • Ubuntu Desktop/Server 18.0.4 LTS or higher
      • Suse Linux Enterprise Server 15
      • openSUSE Leap 15.0 and 15.1
      • Kali Linux versions 2019.1 and 2020.1
      • CentOS 8 and CentOS Stream Server and Workstation (with SELinux disabled)
      • RedHat 8 (with SELinux disabled)
      • We are actively testing other Linux distributions. Please let us know if you have requests for specific distros.
  • CPU: 64 bit processor
  • System memory: minimum of 2 GB RAM
  • Storage: 1 GB of available hard-disk space.
    This does not include the storage required to save the scan results — this will depend on the level of usage of Acunetix.

Supported Browsers

The Acunetix User Interface is delivered through a web server. The supported browsers are:

If you encounter browser-related issues, please first ensure that you are running the latest version of one of the supported browsers before contacting support.

Networking PreRequisites

Installation on Windows

  1. Download the latest Windows version of Acunetix from the download location provided when you purchased the license.
  2. Double click the installation file to launch the Acunetix installation wizard and click Next when prompted.
  3. Review and accept the License Agreement.
  4. Provide credentials for the Administrative user account. These will be used to access and configure Acunetix.
  5. Configure how the Acunetix Web UI is accessed, and if remote UI access is allowed.
  6. Review the installation tasks, and click Install to start the installation.
  7. Setup will now copy all files and install the Acunetix services.
  8. Click Finish when ready.

Installation on Linux

  • Download the latest Linux version of Acunetix from the download location provided when you purchased the license.
  • Open a Terminal window.
  • Use chmod to add executable permissions on the installation file
    E.g. chmod +x acunetix_13.0.200205121_x64.sh
  • Run the installation
    E.g. sudo ./acunetix_13.0.200205121_x64.sh
    In case there are dependencies missing, see the Notes section
  • Review and accept the License Agreement.
  • Configure the hostname which will be used to access the Acunetix UI
  • Provide credentials for the Administrative user account. These will be used to access and configure Acunetix.
  • Proceed with the installation.

Notes:

Package Prerequisites

The following packages need to be installed prior to installing Acunetix:

  • On Ubuntu:
    sudo apt-get install libxdamage1 libgtk-3-0 libasound2 libnss3 libxss1 libx11-xcb1 libxcb-dri3-0 libgbm1 libdrm2 libxshmfence1
  • On Suse Linux Enterprise Server or OpenSUSE Leap:
    sudo zypper install libXdamage1 libgtk-3-0 libasound2 mozilla-nss libX11-xcb1 libXss1
  • On Red Hat Enterprise Linux 8 or CentOS 8 or CentOS Stream:
    sudo yum install libX11 libX11-devel gtk3 nss libXScrnSaver alsa-lib bzip2 mesa-libgbm

SELinux on CentOS 8, CentOS Stream, or RedHat 8

SELinux needs to be disabled if you are installing Acunetix on CentOS or RedHat.

  • To disable SELinux temporarily, open a Terminal window and run the following (this switches SELinux to permissive mode until the next reboot):
    sudo setenforce 0
  • To disable SELinux permanently:
      • open a Terminal window
      • run the command "sudo nano /etc/selinux/config"
      • find the line that sets the "SELINUX" parameter and change the line to read "SELINUX=disabled"
      • save the amended "/etc/selinux/config" file
      • reboot the machine
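
A pre-install check for the Linux notes above, as an added example that is not part of the Acunetix documentation: it lists which of the Ubuntu prerequisite packages are absent and reads the mode set in /etc/selinux/config. The function names and the --check switch are assumptions made for this example; the package list is the Ubuntu list from this page.

```shell
#!/bin/sh
# Added example, not Acunetix code. Function names are hypothetical.
# Package list copied from the "On Ubuntu" prerequisite line on this page.
UBUNTU_PKGS="libxdamage1 libgtk-3-0 libasound2 libnss3 libxss1 libx11-xcb1 libxcb-dri3-0 libgbm1 libdrm2 libxshmfence1"

# Print the mode set by the SELINUX= line of a config file (default path
# /etc/selinux/config). Comment lines and SELINUXTYPE= are ignored, the last
# SELINUX= line wins, and "unset" is printed when the file or line is absent.
selinux_config_mode() {
    local file mode
    file="${1:-/etc/selinux/config}"
    [ -r "$file" ] || { echo "unset"; return 0; }
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$file" | tail -n 1)
    echo "${mode:-unset}"
}

# True when dpkg reports the package as fully installed. Kept as a separate
# function so the list logic below can be exercised on hosts without dpkg.
pkg_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q 'install ok installed'
}

# Print, space separated, the packages from the arguments that are absent.
missing_packages() {
    local pkg missing
    missing=""
    for pkg in "$@"; do
        pkg_installed "$pkg" || missing="$missing $pkg"
    done
    echo "${missing# }"
}

# Report what still needs attention before running the installer.
# $1: path to the installer file downloaded from the vendor.
preflight() {
    local installer rc missing
    installer="$1"
    rc=0
    [ -x "$installer" ] || { echo "not executable: run chmod +x $installer"; rc=1; }
    missing=$(missing_packages $UBUNTU_PKGS)
    [ -z "$missing" ] || { echo "missing packages: $missing"; rc=1; }
    echo "SELinux mode in /etc/selinux/config: $(selinux_config_mode)"
    return $rc
}

# Usage: sh preflight.sh --check ./acunetix_<version>_x64.sh
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-}"
fi
```

On CentOS or RedHat the reported mode should read "disabled" after the permanent change and reboot; on Ubuntu the file is normally absent and the script prints "unset".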

Installation on MacOS Mojave and MacOS Catalina

  • Download the latest MacOS version of Acunetix from the download location provided when you purchased the license.
  • Double click the installation PKG file to launch the Acunetix installation wizard, and click "Continue" when prompted.
  • Review and accept the License Agreement.
  • You may be prompted for your MacOS password to complete parts of the installation.
  • Provide credentials for the Acunetix Administrative user account. These will be used to access and configure Acunetix.
  • Configure how the Acunetix Web UI is accessed, and click "Continue" to start the installation.
  • Setup will now copy all files and install the Acunetix services; when the installation is completed, the default browser will be launched to allow access to the Acunetix UI, and the "Continue" button will become enabled in the installer.
  • Click "Close" to exit the installer.

Activating your Acunetix Installation

After the installation, Acunetix needs to be activated using your license key. This can be done by logging into Acunetix using the web UI, which by default is running on https://localhost:3443. You will immediately be directed to the User Profile page, where you will need to update your contact details. Insert your License key and proceed with product activation.

Language for Web Interface

You can select from one of the available languages for the web interface from the User Profile page.

Time Zone

If you wish Acunetix to present date information in a Time Zone that is different from that of your operating system, you can select the desired timezone.

Enable the AcuMonitor Service

At this stage, you can also choose to register your installation with the AcuMonitor service. AcuMonitor is used to detect certain types of vulnerabilities, such as Blind XSS, SSRF, XXE and other out-of-band vulnerabilities which can only be detected using an intermediary service. More information on AcuMonitor can be found at http://www.acunetix.com/vulnerability-scanner/acumonitor-blind-xss-detection/.

Note: Product activation requires a connection to the internet.

Enabling Additional Scanning Technologies

You can enable additional scanning tools to achieve a more thorough evaluation of your Targets.

Installing AcuSensor in your web application

If you need to scan a .NET, Java or PHP web application, you should install Acunetix AcuSensor on your web application in order to improve the detection of vulnerabilities, get the line in the source code where vulnerabilities are located, and decrease false positives.

Installing Network Scanning (OpenVAS)

Acunetix can be configured to use OpenVAS to perform network scans of the Targets configured in Acunetix.

Installing Malware Scanning

Acunetix can work in conjunction with AntiVirus engines to check for malware on your site. The default engine used is the Windows Defender AntiVirus service, with ClamAV being a viable alternative.

Upgrading Acunetix

Upgrading Acunetix for Windows

To upgrade from a previous MAJOR version of Acunetix:

  • Close all instances of Acunetix
  • Optionally backup the Acunetix data folder which includes the Acunetix database and other settings. These are all found in
  • You can run the latest Acunetix installation directly on the machine running the previous version of Acunetix. The installation will detect the older version, and will proceed with upgrading it to the latest version. All your settings will be retained.

Upgrading Acunetix for Linux

To upgrade from a previous MAJOR version of Acunetix:

  • Close all instances of Acunetix
  • Optionally backup the Acunetix data folder which includes the Acunetix database and other settings. These are all found in /home/acunetix/.acunetix
  • You can run the latest Acunetix installation directly on the machine running the previous version of Acunetix. The installation will detect the older version, and will proceed with upgrading it to the latest version. All your settings will be retained.

Acunetix: More than a Vulnerability Scanning Tool

A simple web vulnerability scanner is not enough for a business to maintain web application security. Businesses require solutions that treat web security vulnerabilities as processes, not as one-time events (just like in the case of anti-malware solutions). That is why a business-oriented solution must include not only vulnerability scanning but also vulnerability assessment and vulnerability management functionality. No matter whether you need to secure your in-house development, for example, PHP or Java applications, or third-party tools, such as WordPress and its plugins, you need the best tool for the job.

Acunetix is available on-premise for the Windows and Linux operating systems as well as an online service.

Top-of-the-Line Vulnerability Scanning

There are certain qualities that a business-oriented vulnerability scanner must possess. It must find as many security holes as possible and be able to find them quickly. Additionally, the security scanner must not hinder the operations by reporting false positives.

  • The Acunetix scanning engine is developed using very efficient technologies. It handles even complex web applications, which use a lot of HTML5 and JavaScript. It also works very quickly in real-time and covers a full range of security vulnerabilities including OWASP Top 10 categories: from SQL Injections and Cross-site Scripting (XSS) to web server misconfigurations and other configuration issues.
  • The rate of false-positive reporting is very low for the Acunetix security tool. Optionally, if you use its IAST module, AcuSensor, it reduces the rate even further.
  • It’s comfortable to manage web vulnerability tests and network vulnerability tests from a single location. Acunetix Premium is integrated with the leading open-source tool for network security scanning – OpenVAS. This way, you can keep your web and network devices secure together without the need for manual tools like nmap for open port scanning.

Best-in-Class Vulnerability Assessment Functionality

After a security vulnerability is found, there is a need for security assessment which includes classifying the vulnerability according to potential security risks. Acunetix is also a vulnerability assessment tool. It provides businesses with information, which helps prioritize security patches.

  • Each discovered new vulnerability is classified according to renowned cybersecurity classification schemes and presented along with detailed information useful for further penetration testing as well as patching advice.
  • Application vulnerabilities are assigned one of four severity ratings based on their potential impact on the business and the ease of exploit.
  • The Acunetix reporting engine provides detailed vulnerability assessment reports for further analysis.

Vulnerability Management: Vulnerabilities as Processes

Finding a vulnerability and assessing its severity is an automatic process, which takes very little time. After this is completed, the most time-consuming and complex process starts – fixing the vulnerability and verifying the fix. If this process needs to be handled manually, it requires a lot of resources and the risk of making mistakes is high. That is why Acunetix makes it easy to automate it as much as possible.

  • Acunetix works with leading issue management solutions. It can automatically create issues. This way the manual part of the issue management process is limited to the issue management solution.
  • If you develop your web applications in-house, you need to check them for potential security issues as soon as possible. Acunetix works with CI/CD solutions that build and run your web applications in virtual environments.
  • A vulnerability may resurface after some time and it’s valuable to know the original one. This may speed up the patching process considerably. Acunetix facilitates this, as well.

We utilize Acunetix to more thoroughly assess internet-facing websites and servers. Acunetix helps us identify vulnerabilities in conjunction with other vulnerability scanning applications. Acunetix has been a more reliable application when discovering / determining different types of malicious code injection vulnerabilities (SQL, HTML, CGI, etc).

Carter Horton, Assoc. Information Analyst, GD Information Technology
