Acunetix: Acunetix WVS checks for all web vulnerabilities including SQL injection, cross site scripting and many others. SQL injection is a hacking technique, which modifies SQL queries in order to gain access to data in the database. Cross-site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser.
Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with the scanner launches SQL injection, Cross Site scripting and other attacks. Acunetix has a state of the art vulnerability detection engine that uses AcuSensor Technology. This is a unique security technology that quickly finds vulnerabilities with a low number of false positives, indicates where the vulnerability is in the code and reports debug information. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion, Authentication vulnerabilities and others.
Nessus: iBeta uses Tenable Nessus to perform network level security penetration testing. Nessus employs over 40,000 plugins to test for network level vulnerabilities. Typically, Tenable produces plugins for vulnerabilities within 24 hours of its public release. iBeta produces an Executive level summary and a Detailed Report for any vulnerabilities discovered. The Detailed Report has instructions or links to help your IT personell to correct the problem.
Wireshark: Wireshark is a network eavesdropping tool which iBeta uses in conjunction with Nessus scans to verify the IP address(es) for a Nessus scan. iBeta also uses the tool to analyze typical unit operations performed over a network to check for vulnerabilities such as session-hijacking or the transmission of content in an insecure manner.
Nessus and Acunetix scans are complementary:
iBeta believes that the best way to view the two tools is that Nessus tests for vulnerabilities from a website that might consist of entirely static content. That is, the website consists of a server that responds to web browser requests with files containing little or no active content.
Acunetix, on the other hand, tests for vulnerabilities in the active nature of a web site or web application. Those types of websites accept user input and transform the user input into new content. In doing so, these sites are active and very often have interfaces to a database, other servers etc. Acunetix tests such websites for vulnerabilities such as the cross-site scripting family and SQL injection family of exploits.