Acunetix 13 web app security scanner comes with many innovations

Acunetix 13 comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning, proof-of-exploit, incremental scanning, and more.

Unparalleled performance

Scanning complex web applications using traditional web vulnerability scanners may take hours, having a serious impact on production site performance and internal processes. Acunetix addresses this problem by introducing even more innovations that improve scanning performance.

The SmartScan engine included with Acunetix 13 prioritizes unique pages to discover more vulnerabilities early on. In most cases, Acunetix SmartScan can find approximately 80 percent of vulnerabilities in the first 20 percent of the scan. The newest Acunetix engine also reduces the number of requests required to find vulnerabilities, which lessens the site load during the scan.

In addition to the SmartScan engine, the newest Acunetix release also introduces incremental scanning. You can choose to scan only the elements of your web application that have changed since the last full scan. On average, it shortens the process by 90 percent or more.

Security coverage

With the release of Acunetix 13, network scanning functionality is now available on all platforms. Web vulnerabilities and network vulnerabilities are part of the same assessment and management processes.

In addition to the previously available malicious link discovery function, the newest Acunetix release also introduces web malware scanning. Acunetix discovers scripts on websites and web applications, downloads them, and scans them locally using Windows Defender on Windows or ClamAV on Linux.

Advances in automation

Acunetix 13 introduces two new features that greatly improve automation, especially in the case of larger organizations. The vulnerability confidence level clearly indicates whether the vulnerability may need further manual confirmation. Critical vulnerabilities typically have a 100 percent confidence level, which means that they are fully verified. For most such vulnerabilities, Acunetix now also provides a proof-of-exploit, such as the content of a sensitive file downloaded from the server.

The newest release also enhances the import and integration capabilities of Acunetix. The scanner can now additionally import WADL, ASP.Net WebForms, and Postman files to seed the crawl. You can also export vulnerabilities to even more issue trackers: GitLab, Bugzilla, and Mantis.

Technology improvements

With all the new advances comes an improved user interface, featuring better sorting and filtering as well as response highlighting and improved accessibility.

In addition to the above innovations and improvements, the Java AcuSensor technology now supports the Spring framework, while the DeepScan crawling engine can now directly recognize Angular 2, Vue, and React frameworks and adjust crawling to their requirements.

“Acunetix has always focused on performance and accuracy and the newest release is yet another proof of this,” said Nicolas Sciberras, CTO. “You cannot find these unique features in any other product.”