Acunetix Web Vulnerability Scanner (WVS) is a security tool that allows a site owner (or security consultant) to test their Web sites and the applications residing on them for known vulnerabilities and weaknesses. The tool automatically crawls the site, launching multiple controlled attacks against the pages and applications it finds in an attempt to identify potential security breaches.

Among the specific types of vulnerabilities and attacks tested for by the product are SQL injection, cross site scripting (XSS), CRLF injection, code execution, directory traversal, file inclusion, and, via manual tools, input validation, authentication attacks, and buffer overflows. In addition, servers can be checked for the existence of vulnerable products or enabled "dangerous" methods; and the site's content can be tested against queries from the Google Hacking Database.

Platform features and tools include:

- HTTP sniffer, allowing you to log, intercept, and modify HTTP and HTTPS traffic

- HTTP editor, allowing for the creation of custom HTTP requests for testing

- Rule-based testing for systematic input checking

- Automatic (and configurable) HTML form filling, including a macro recording tool

- Support for scanning profiles and scan compares

- JavaScript analyzer supporting the scanning of AJAX/Web 2.0 technologies

- A Web vulnerability editor enabling the creation of customized attacks

New in the latest release of Acunetix WVS is the inclusion of AcuSensor technology, which consists of sensor components deployed directly in the Web application's source code. These components then have the ability to communicate with the Web scanner detailed information about how the application handles the test input. Other new features include a port scanner and vulnerability checker (services found on open ports are checked for such vulnerabilities as weak passwords, service-specific issues such as DNS cache poisoning or weak SSL cipers, etc.); a network alerting tool; and a Blind SQL Injector tool that can perform an automated database data extraction for penetration testing.

Acunetix Web Vulnerability Scanner is available now. The product is offered in Small Business (one Web site), Enterprise (unlimited Web sites) and Consultant (allows for the scanning of unlimited 3rd party Web sites) versions. The Small Business and Enterprise versions of the product can only be used to scan sites that actually belong to the license holder. Pricing starts at $1,445 for a perpetual Small Business license and $3,195 for a one year Enterprise license. Free trial versions are also available.

Also available is a free version of the tool that will scan a Web site or application (that you operate) specifically for XSS vulnerabilities.

Visit the Acunetix Web site for further information.