Do you dread scanning your website because of how long it takes? There’s no way to avoid it though – every website needs a good *crawl.
Well, what if we said we have an answer to your problem? And not just that, but we take things a step further here at Alliance Technology Partners. We not only reduce scan times, but we maintain integrity while doing it. Many have hesitations accepting automatic report from a crawl as comprehensive. They wonder if anything was missed. With the way we do things around here, you won’t have anymore hesitations.
Our Process
First, we look at the scanning window you are allotted, and work backward from there. In some cases, we actually increase the scan time at the beginning. We do this because we discover that large portions of a web application have been left out of the previous crawl. We want to make sure we have all the content before eliminating any steps. After that, we eliminate the obvious. This can include: increasing the number of parallel connections, looking for network bottlenecks, adjusting scanning mode, adjusting the number of variations, examining web server and database performance, and reviewing inputs/exclusions with the development team.
We also use AcuSensor where appropriate. This is a security technology that allows you to identify more vulnerabilities than a traditional web application scanner. It tells you exactly where in your code the vulnerability is. Then, reports debug information. It also generates less false positives. It’s pretty accurate.
The way this works is by combining black box scanning techniques with feedback from sensors placed inside the source code. This happens while the source code is executed. Black box scanning alone does not know how the application reacts. Source code analyzers also do not understand how the application will behave while it is being attacked. So, by combining these techniques together, we are able to enjoy more relevant results.
How does this reduce scan times?
Well, this technology’s advanced efficiency allows it to scan much faster. And it never wavers in quality. As mentioned on Acunetix’s website, this technology:
- Allows you to locate and fix the vulnerability faster because of the ability to provide more information about the vulnerability, such as source code line number, stack trace, affected SQL query.
- We can significantly reduce false positives when scanning a website because we can internally understand the behavior of the web application better.
- Can alert you of web application configuration problems which could result in a vulnerable application or expose internal application details. E.g. If ‘custom errors’ are enabled in .NET, this could expose sensitive application details to a malicious user.
- Detect many more SQL injection vulnerabilities. Previously SQL injection vulnerabilities could only be found if database errors were reported or via other common techniques.
- No need to write URL rewrite rules when scanning web applications which use search engine friendly URL’s! Using AcuSensor Technology the scanner is able to rewrite SEO URL’s on the fly.
With us, your web crawls with be complete, specific, and accurate. To date, Acunetix is the leading web vulnerability scanner to use this technology. It’s actually the only one. So, when you come to Alliance Technology Partners, you know that we only provide you with the best. What’re you waiting for? Contact us and we’ll set you up to reduce those scan times!
*Web Crawling is the process of search engines combing through web pages in order to properly index them.