With the explosion of malicious attacks on websites has come the need to monitor websites for vulnerabilities. From the smallest company to large, multi-national corporations, no business is immune to criminal activity. Acunetics has taken a giant leap forward in the monitoring of websites, web applications, and network assets in Acunetics Version 12.
What’s New in Acunetics Version 12?
According to a May 22, 2018 post to the Aquatics blog, the company has defined the upgrades in Version 12 in the six bullet points as follows:
- “Scan speed of up to 2X ”
- “Support for latest JavaScript technologies (ES7).”
- “New AcuSensor for Java web ”
- “Pause and Resume scan ”
- “Exclusion of specific paths in the site’s structure directly from the ”
- “Inclusion of Password Policy ”
Before we unwrap the new features in Acunetics V12, let’s take a step back and help those unfamiliar with Acunetics understand what Acunetics is and what it does.
Acunetics is a tool used to scan multiple websites, web applications, and network assets for vulnerabilities. The developers of Acunetics promote the system as a “complete and accurate” scanning platform. Although Acunetics’ competitors may try to pick away at their claims, Acunetics puts out a solid product that is immensely useful in ensuring the security of your company’s web assets.
What Does Acunetics do?
- Runs website, web application and network scans
- Analyzes scan results
- Allows management of vulnerabilities discovered by scans
The Acunetics dashboard or user interface shows the user the vulnerabilities detected, the average remediation time for those vulnerabilities, as well as the most frequent vulnerabilities detected across the web assets being monitored.
Acunetics uses the word “target” to refer to the websites, web applications, or network assets that it has been configured to scan.
How Does Acunetics Scanning Work?
Within the drop-down menu in the Acunetics dashboard, the user has the option of choosing from a variety of pre-set scans as well as the added value of building a custom scan.
The pre-set scans are as follows:
- Full Scan – Tests for all vulnerabilities
- High-Risk Vulnerability Scan – Tests for specific vulnerabilities
- Cross-Site Scripting Vulnerability Scan – Tests for specific vulnerabilities
- SQL Injection Vulnerability Scan – Tests for specific vulnerabilities
- Weak Passwords Vulnerability Scan – Tests for weak authentication
- Crawl Only Vulnerability Scan – Tests for specific vulnerabilities
Scans can be scheduled to run at a later date or to be run on a regular interval.
As a scan runs, the user can go to the Scan Stats Panel to see the progress of the scan updated in real time.
Acunetics and Reporting
Once your scan has been run, you can then download a report in PDF or HTML of the scan results. The reports give details such as:
- HTTP Request Sent
- Web References for Further Information
- Remediation Advice
- Details of the Vulnerability/Attack
One advantage of the Acunetics system is that the user can view all the vulnerabilities across their chosen “targets” in one central location.
Comparison reports of the scans done are available to be produced by the system as well. The comparison reports list all the vulnerabilities for a specific target or allow you to compare vulnerabilities across multiple targets.
Acunetics and Vulnerability Sorting
Acunetics has a powerful built-in filtering function that allows you to:
- Search and view vulnerabilities by specific criteria.
- Mark vulnerabilities as “”
- Export vulnerabilities to an issue tracking system to be fixed by the development team.
- Export a patch to be used until the development team has time to remediate the vulnerability fully.
Digging into the upgrades found in Acunetics Version 12
Acunetics is promoting Version 12 as an increase in automation, speed, and accuracy. So far, Version 12 is living up to the hype.
Speed
Acunetics has redesigned their scanning engine from the ground up for Version 12. They claim that it is now the fastest in the industry, and it just might be.
With Version 12, a company can run most scans in half the time it took them to run the same scans on the previous versions of Acunetics.
In addition, a user can set up multiple scan engines and run them from one central console. These scan engines can be deployed over multiple networks over a variety of geo-locations.
Support
In Version 12, Acunetics is keeping up with the pace of application development. Version 12 offers JavaScript ES6 and ES7 support. This allows for better scanning of Java-based, single page applications. AcuSensor for Java web applications allows for the following:
- Improved site coverage for vulnerability detection
- Provision of additional vulnerability information
- Decrease in false positives
Manage
The multiuser, multirole environment has been enhanced in Version 12 with the introduction of two important security functions.
- Two Factor Authentication Support
- Password Policies for User Accounts
Scan
In addition to the dramatically improved scanning speed to which we have already referred, Version 12 now allows:
- Pausing and resuming of vulnerability scans
- Exclusion of paths in site structure directly from User Interface without complex regular expressions.
After having thoroughly reviewed Acunetics Version 12, the opinion of the IT services and IT consulting professionals of Alliance Technology Partners is that Version 12 is a significant improvement to an already robust web application, website, and network asset vulnerability scanning platform.
Want to read more helpful information about Acunetics? We have it for you HERE.