Vulnerability Scanner Version 3.0 Combats Rise in “Google Hacking” Attacks

Seattle, Washington - November 21, 2005 – Acunetix, a leading security software company focused exclusively on helping enterprises secure their web applications and web sites, today announced the next-generation version of Acunetix Web Vulnerability Scanner, which provides a comprehensive solution to detecting system vulnerabilities that are frequently exploited by hackers.

Acunetix Web Vulnerability Scanner provides a complete solution by automatically auditing website security. The software crawls an entire website, launches popular web attacks (SQL Injection, Cross Site scripting, Google hacking, etc.) and identifies vulnerabilities that need to be fixed.

The Achilles Heel in Enterprise Security Strategies: Web Applications

Increasingly, hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, and dynamic content. A Gartner Group study determined that 75% of cyber attacks are done at the web application level. Web applications are accessible 24 hours a day, 7 days a week and are a passageway to valuable data: customer and employee databases, transaction information and proprietary corporate data. Many enterprises have addressed network security issues and have implemented firewall technology but have not yet protected their “crown jewels” – data that can be compromised via web application hacks.

The first reported instance of a Web application attack was perpetrated in 2000. While making online transactions with a large bank, a 17 year-old Norwegian boy noticed that the URLs of the pages he was viewing displayed his account number as one of the parameters. He substituted his account number with the account numbers of random bank customers and immediately gained access to customer accounts and personal details. Myriad other hackers have followed in his footsteps, exploiting hundreds of different techniques to compromise web applications and exploit what is fast becoming the biggest Achilles heel in an organization’s security strategy.

“Web applications are now the prime target for hackers. A quick hack of a vulnerable web application can give instant access to valuable data such as customer credit cards and employee social security numbers” said Nick Galea, CEO of Acunetix. “New hacking techniques emerge every day. Auditing one’s web applications should be the number one security concern for every enterprise.”

Version 3.0 of Acunetix Web Vulnerability Scanner Protects Against Google Hacking and Other New Threats

With this newest release of Acunetix Web Vulnerability Scanner, security administrators have access to a host of new features that will protect their web applications and web sites.

Prevention of Google Hacking

Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a hacker database of queries that can identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from crawling sites and launching the Google Hacking Database queries directly onto the crawled content.

Version 3.0 of Acunetix Web Vulnerability Scanner launches all the queries found in the Google hacking database onto the crawled content of enterprise websites thus finding any sensitive data or exploitable targets before a “search engine hacker” does. Acunetix is first to market with a solution that detects Google hacking vulnerabilities.

Other New Features

Over forty new features and enhancements have been introduced in the latest release of Acunetix Web Vulnerability Scanner. Enhancements include sophisticated testing for buffer overflows & input validation, automatic detection of custom error pages, enhanced abilities to scan websites which are password protected, automatic HTML form fillers, the ability to crawl Macromedia Flash files, and numerous other new features.