THE BENEFITS OF UNDERSTANDING TROUBLESHOOTING AND TUNING FOR ACUNETIX WEB VULNERABILITY SCANNING


www.alliancetechpartners.com

Web vulnerability scanning is an important tool in the toolbox for many businesses, regardless of their size or industry. Being able to use such a tool confidently and effectively allows you to identify more vulnerabilities and risks you would otherwise miss. Further benefits include increased accuracy of scan results and an understanding of what those results show. Because web vulnerability scanning tools are complex and offer a multitude of options, it can be difficult to use them to the fullest. That's why training on the available troubleshooting and tuning options is practically a necessity these days.

Understand Scans and Verify Findings

Every business is different, and each has different security needs. Understanding the types of scans available through the Acunetix Web Vulnerability Scanning tool will help a company identify which type of scan needs to be run. Once you understand what type of scan to run and how in depth it should be, you can begin to verify the findings. With the detailed reports provided by the scanning tool, you will then be able to understand the exact risks you face and discover how best to deal with them.

Develop Strategies for Logging and Comparing Results

The Compare Results tool allows you to analyze differences between the results of multiple separate scans of the same application. Being able to compare results effectively, along with having a sound strategy in place for logging and addressing them, is critical in maintaining a secure network and secure web applications. Keep in mind that once you use the Compare Results tool, the left pane of the results page will display the contents of the original scan and the right-hand pane will display the results of the second scan. Clicking on the middle column will show the differences between the two in detail.

Utilizing Additional Functions

The Acunetix Web Vulnerability Scanner has an assortment of tools designed to provide the most comprehensive web scan there is. It's important to know and understand what those tools do and how they are useful. Options such as Parameter Exclusions, Input Fields, and Variations are all vital to your understanding. You will also need to know how to properly use the HTTP Sniffer to build a better crawl.

Parameter Exclusions allow you to specify parameters to be excluded from your scans. This is important when you only want to scan certain applications for vulnerabilities or when you need to have a scan performed on only a portion of your network in a short amount of time.

Most websites include web forms of some kind that capture visitor data. The Input Fields option allows you to submit custom information during scans to obtain more realistic scan results. You can also submit random data automatically.

The Variations option allows you to specify the maximum number of variations for a file that is being scanned. This is useful in determining just how in depth you want the scan to be, which influences how long it could potentially take.

Finally, the HTTP Sniffer is extremely useful for manual scans and allows you to capture and edit HTTP requests and responses exchanged between a web client and a web server. This tool also allows you to manually crawl sections of a website that cannot be crawled automatically by the Acunetix Web Vulnerability Scanner.

Understanding the various troubleshooting and tuning techniques can make or break the quality of a web vulnerability scan. Training is important for gaining such an understanding. The Acunetix certified engineers with Alliance Technology Partners are able to provide you with exactly what you need to get the most out of your Acunetix Web Vulnerability Scanner.

GET IN TOUCH

CORPORATE HEADQUARTERS
18102 Chesterfield Airport Rd. Suite E
Chesterfield, MO 63005
314 649 8888 St. Louis
314 649 8889 Fax
888 891 8885 Toll Free
sales@alliancetechpartners.com