Acunetix Web Vulnerability Scanner

1.0 stars

"Do Not Run Acunetix WVS On An Active Website!"

May 23, 2012  |   By najrellim

Version: Acunetix Web Vulnerability Scanner 6.0.20081209

Pros

Extremely thorough even though the 30 Day demo only scans for XSS (Cross-site scripting).

Cons

Quote from the Acunetix blog: ""Will it damage my website?". Similar questions are common since black box scanners tend to cause email floods, as well as publishing of garbage blog posts and comments on blogs. If the automated scanner is configured to access a database-driven CMS administrator interface, the chances of garbage data being injected into the database or — even worse — records being deleted and damaging a live web application, are indeed very high."
This warning is not shown anywhere else on the Acunetix Free 30 Day Download page nor the Quick-Start PDF. As a result of not knowing this critical tid-bit, my company's web site, email, and database were all thoroughly attacked and all data corrupted. We lost a week's worth of internet sales, customer service inquiries, and product inventory updates.

Summary

If you have an exact clone of your entire website available on a completely separate server solely designated as a "test environment" with no connection to your live production environment, then Acunetix can render powerful "real-life" security information to you regarding your vulnerabilities. But first PLEASE go to the Acunetix blog (http://www.acunetix.com/blog/docs/invasive-vs-non-invasive-web-application-security-scan/)and read this warning from Robert Abela of Acunetix before using this product.

Reply to this review

Was this review helpful? (0) (0)