最新版 Acunetix Web Vulnerability Scanner v12 更新於 2019/11/25
使用 Acunetix Web Vulnerability Scanner 檢測您的網站安全
多達 70% 的網站都存在漏洞,可能導致有心人士盜竊公司敏感資料如信用卡資料或是客戶名單。
駭客正全天候的專注攻擊基於網路的應用程式:像是購物車、表格、登入頁面、動態內容等。世界上不安全的Web應用程式都為駭客提供了方便的企業後台資料。
使用防火牆, SSL 以及伺服器鎖定來對付侵入 Web應用程式的駭客是徒勞無功。
駭客通過 80/443連接埠,直行穿越防火牆對 Web應用程式攻擊,操作系統和網路級安全性防護設備,輕易的獲取應用程式的核心系統和企業資料。客製化的Web應用程式往往沒有經過充分的測試,未經發現的漏洞容易成為駭客入侵的目標。
Acunetix – 全球領先的 Web應用程式安全設備
Acunetix開創了網絡應用的安全掃描技術:它的工程師集中在網絡安全,早在1997年制定了工程領導網站分析和漏洞檢測。
Acunetix Web Vulnerability Scanner 包含了許多創新功能:
- AcuSensor 技術
- 業界最先進和最深入的SQL程式碼注入攻擊和腳本測試。
- 強大的可視化功能使得測試HTML 表單過濾器和登入網頁之密碼強度功能變得更容易
- 支援具有破解圖形驗證網頁、單一登入以及雙因素認證機制
- 廣泛的報告設施,包括簽證的PCI遵守情況報告
- 多線程快速掃描,讓使用者可以方便的抓取數以十萬計的網頁
- 智能掃描器檢測網絡服務器類型和應用語言
- Acunetix檢索和分析網站的內容包括flash content, SOAP, AJAX
- 具有自動搜尋可用的網站伺服器技術之功能。
Acunetix 最新12版的新功能
- 掃描速度快2倍
- 支持最新的JavaScript技術(ES7)
- 面向Java Web應用程序的新AcuSensor
- 暫停和恢復掃描功能
- 直接從UI中排除站點結構中的特定路徑
- 包含密碼策略功能
產品特色
更多進階功能:
- 偵測Blind XSS及DOM-based XSS
- 偵測HPP弱點(HTTP Parameter Pollution)
- 支援自定義HTTP headers自動掃描
- 支援多個HTTP身份驗證憑證
- 可定義多重掃描規則便於以不同選項或身分掃描
- 可自行定義報表(報表產生器)
- 前後次掃描結果比對
- 網站變更後可輕易找出差異並重新檢核
- 支援圖型驗證碼CAPTCHA、 Single Sign-On 、雙因素認證等(Two Factorauthentication) 等驗證機制
- 檢查檔案目錄權限弱點
- 列出特殊HTTP回應列表,如其他Server錯誤訊息或HTTP500等以簡化例外處理
- 可設定排除造成誤判之檢查項目
- 檢查Web Server設定是否安全
- 可自動由web.config.file 匯入IIS 7 rewrites規則
- 可只掃描特定弱點以便於程式修改及驗證
- 文件上傳表單漏洞自動化測試
Acunetix 共三種版本提供( 1. Standard 2. Premium 3. Acunetix 360 )
| Architecture and Scale | Standard | Premium | Acunetix 360 |
| Unlimited Web Scanning | V | V | V |
| Multi-user | V | V | |
| User Roles and Privileges | V | V | |
| Multiple Scan Engines | V | V | |
| Number of Users | 1 | Unlimited | Unlimited |
| Max Number of Scan Engines | 1 | 1 | Unlimited |
| Acunetix Vulnerability Assessment Engine | Standard | Premium | Acunetix 360 |
| Scanning for 4500+ web application vulnerabilities | V | V | V |
| Scanning for 50,000+ network vulnerabilities | V | V | |
| Acunetix DeepScan Crawler | V | V | V |
| Acunetix AcuSensor (IAST Vulnerability Testing) | V | V | V |
| Acunetix AcuMonitor (Out-of-band Vulnerability Testing) | V | V | V |
| Acunetix Login Sequence Recorder | V | V | V |
| Manual Intervention during Scan | V | V | V |
| Malware URL Detection | V | V | V |
| Scanning of Online Web Application Assets | V | V | V |
| Scanning of Internal Web Application assets | V | V | V |
| Key Reports and Vulnerability Severity Classification | Standard | Premium | Acunetix 360 |
| Key Reports (Affected Items, Quick, Developer, Executive) | V | V | V |
| OWASP TOP 10 Report | V | V | V |
| CVSS (Common Vulnerability Scoring System) for Severity | V | V | V |
| Remediation Advice | V | V | V |
| Compliance Reports* | V | V | |
| Centralized Management and Extensibility | Standard | Premium | Acunetix 360 |
| Dashboard | V | V | V |
| Scheduled Scanning | V | V | V |
| Notifications | V | V | V |
| Continuous Scanning | V | V | |
| Target Groups | V | V | |
| Assign Target Business Criticality | V | V | |
| Prioritize by Business Criticality | V | V | |
| Trend Graphs | V | V | |
| WAF Virtual Patching** | V | V | |
| Issue Tracking Systems Integration | V | V | |
| Jenkins Plug-in Integration | V | V | |
| CI/CD Integration (TeamCity, Azure, GitLab) | V | ||
| Assign Target Management to Users | V | V | |
| Integration APIs | V | V | |
| Slack integration | V |
* PCI DSS, ISO/IEC 27001; The Health Insurance Portability and Accountability Act (HIPAA); WASC Threat Classification; Sarbanes-Oxley; NIST Special Publication 800-53 (for FISMA); DISA-STIG Application Security; 2011 CWE/SANS Top 25 Most Dangerous Software Errors.
** Imperva SecureSphere, F5 BIG-IP Application Security Manager and Fortinet FortiWeb WAF
Activating your Acunetix Installation 如何進行Acunetix安裝授權步驟
After the installation, Acunetix needs to be activated using your license key. This can be done using the Acunetix Activation utility which can be loaded from the Acunetix program group. Insert your License key and your details and proceed with the product activation.
At this stage, you can also choose to Register your installation with the AcuMonitor service. AcuMonitor is used to detect certain type of vulnerabilities, such Blind XSS, SSRF, XXE and other out of band vulnerabilities which can only be detected using an intermediary service.
Production activation does require a connection to the internet.
Upgrading Acunetix 如何將Acunetix 11版升級
Note that Acunetix version 11 has undergone a major update. With the exception of Login Sequences, the settings and reporting data from previous versions cannot be used in version 11. Acunetix version 11 can be used on the same machine as previous versions - in which case, you should just install version 11 as per above.
To upgrade a previous version of Acunetix to the latest version:
Close all instances of Acunetix (and related utilities such as the Reporter)
Optionally backup the Login Sequences if you would like to use these in in the newer version. These can be copied from
From the Acunetix Program Group, select to uninstall the product.
Install the newer version of Acunetix.
You can re-use the Login Sequences in version 11 by configuring these in the Site Login Section of the Targets.
系統需求
Minimum System Requirements
- Supported Operating systems
- Microsoft Windows 7 or Windows 2008 R2 and later
- Ubuntu Desktop/Server 16.0.4 LTS or higher
- Suse Linux Enterprise Server 15 and openSUSE Leap 15.0
- Kali Linux versions 2018.4 and 2019.1
- We are actively testing other Linux distributions. Please let us know if you have requests for specific distros.
- CPU: 64 bit processor
- System memory: minimum of 2 GB RAM
- Storage: 1 GB of available hard-disk space.
- This does not include the storage required to save the scan results - this will depend on the level of usage of Acunetix.
