|
Tools - Acunetix web vulnerability scanner
Tools - Acunetix web vulnerability scannerCarlos Garcia Prado Operating system: Windows License: Comercial with evaluation version of 30 days. Aplication: Vulnerability detection in web servers. Home Page: http://www.acunetix.com Acunetix Web Vulnerability Scanner is a tool designed for the exhaustive scanning of vulnerabilities in corporate web servers. It allows to scan directory structure and perform automatically an entire set of tipical attacks that gets profit of configuration or programming errors. Quick start: Imagine you manage the security of a big web based company. That's a big task because you need to have a huge amount of variables under control. Obviously the only professional choice to accomplish this task is with the help of an automatised tool. After looking for a while in the internet you decide to test a professional one: Acunetix Web Vulnerability Scanner. Using this product is extremely easy. The tool provides a wizard to start a new scan. These are the five simple steps to follow: first, we need to specify the scan type, here we can choose to scan a range of computers or a single one. In this case we choose a single PHP based website. In the next frame, we select the target technologies we want to scan. Selecting all the technologies is a safe choose ( ASP, PHP, Perl, OpenSSL, etc. ) because the scan is very fast. The next set of options let us choose several (predefined) scanning profiles and define crawling options, related to the way the crawlers processes the directory structure of the web site. Moreover, we can set in the fourth frame, some login options, thus allowing us to test private sites ( if we have access to them, of course ). Finally, theres a section referring to the custom 404 error pages. We don't care for this now. We have the opportunity to review the scanning details before starting the scan. Check it! then click Finish. We can see how Acunetix completely rips the file structure of the site, but this is not the point. We are now only interested on the security alerts! These are cleanly catalogued in sections, so we can easily get an overview of the security status of our site. Our enterprise has a very strict politic and is very paranoic about the theft of confidential information of customers, thus the primary focus is clear: XSS ( cross site scripting ). Acunetix has found 10 XSS vulnerabities that could be exploitable and clasified them as high risk. Bad thing! Only for the sake of simplicity we concerne ourselves about the search.php file. We can see how Acunetix has tested the script injecting the following string searchFor= &goButton=go, as a POST variable in the URL. The result of a poor written script should be the execution of the code inside the tags, that is, a popup alert window. This has no malicious effect over the script, as we can see in the HTTP request and response message frame. The other scripts seems to be not vulnerable to this type of attack also, so we can (almost) sleep as a child. Other features: The better of the scan results, and the reason why Acunetic WVS is a great tool, is that it gives us not only information about the vulnerability but information on how to prevent it. In our example, the tool recommends to filter the metacharacters from user input. Moreover, it has a database with further references to learn more about this kind of attacks. On the other side, the worse of Acunetix WVS is that it's a commercial product and very expensive for a casual user, it's oriented to big enterprises that want to check frequently their web-based business or to security assesment companies. Carlos Garcia Prado
|
|
