With the uptake of cloud computing and the advancements in browser technology, web applications and web services have become a core component of many business processes, and therefore a lucrative target for attackers. However, over 70% of websites and web applications contain vulnerabilities that could lead to the theft of sensitive corporate data, credit cards, customer information and Personally Identifiable Information (PII).
Firewalls, SSL and Hardened Networks Are Futile Against Web Application Hacking
Cyber criminals are focusing their efforts on exploiting weaknesses in web applications such as eCommerce platforms, blogs, login pages and other dynamic content. Insecure web applications and web services not only provide attackers access to backend databases but also allow them to perform illegal activities using compromised sites.
Web application attacks are carried out over HTTP and HTTPS, the same protocols that are used to deliver content to legitimate users. Yet web application attacks, both on free open-source software such as WordPress, Drupal and Joomla!, and on commercial or custom-built applications, can have repercussions that are the same as, or worse than, those of traditional network-based attacks.
The Technology Leaders in Automated Web Application Security
DeepScan Technology allows accurate crawling of AJAX-heavy client-side Single Page Applications (SPAs) that leverage complex technologies such as SOAP/WSDL, SOAP/WCF, REST/WADL, XML, JSON, Google Web Toolkit (GWT) and CRUD operations.
Industry’s most advanced and robust SQL Injection and Cross-site Scripting testing, including advanced detection of DOM-based Cross-site Scripting.
AcuSensor Technology allows accurate scanning further reducing the false positive rate, by combining black box scanning techniques with feedback from its sensors placed inside the source code.
Fast, Accurate, Easy to Use
Multi-threaded, lightning fast crawler and scanner that can crawl hundreds of thousands of pages without interruptions.
Highest detection of WordPress vulnerabilities – scans WordPress installations for over 1200 known vulnerabilities in WordPress’ core, themes and plugins.
An easy to use Login Sequence Recorder that allows the automatic crawling and scanning of complex password protected areas including multi-step, Single Sign-On (SSO) and OAuth-based websites.
Easily generate a wide variety of technical and compliance reports aimed towards developers and business owners alike.
Perpetual or Subscription Licenses
Acunetix on-premises is sold as a 1 Year Subscription license or as a Perpetual license. The Standard, Pro and Enterprise Editions are available in both forms. Generally, the Perpetual license is more cost-effective over a number of years (lower Total Cost of Ownership).
Support and version upgrades are included for free for the full duration of the 1 year license; however, they are only included for the first year of the Perpetual license. To extend this period of support and free version upgrades to one or more years, a maintenance agreement should be purchased along with the perpetual license.
Standard Edition x2 Concurrent Scans (Unlimited Sites/Servers)
The Standard Edition is the entry level presentation of Acunetix and may be used to scan an unlimited number of websites, limited to 2 concurrent scans from the same single fixed install computer. The typical Standard Edition customer is a single workstation user responsible for security posture and compliance, who wishes to undertake standalone pen-testing with the support of some excellent developer reports and with the remediation tips Acunetix is now renowned for.
As of the launch of v11, the Standard Edition replaces and continues from the previously named Enterprise product. The term Enterprise is now reserved for larger multi-user and, optionally, multi-engine licenses at the other end of the scale. Holders of Enterprise (x2 Concurrent Scan) Edition v10.5 licenses or earlier will upgrade automatically to the Standard Edition in v11 against a valid maintenance or subscription agreement, and the product part numbers remain the same.
Pro Edition x5 Concurrent Scans
The Pro Edition x5 Concurrent Scan license is ideal for the power user requiring more detailed compliance reports and integration with the software production train. The Pro Edition supports 5 concurrent scans from the same single fixed install computer.
The Pro Edition customer could be an outsourced or insourced security professional leading more advanced projects such as setting up a professional application security vulnerability management program within an organization. This user would be responsible for security posture and compliance. The Pro Edition has access to many Enterprise features, such as: the ability to group and classify asset targets for better vulnerability remediation prioritization; integration with Software Development Life Cycle (SDLC) project management or issue tracking systems; comprehensive compliance reports; integration with top Web Application Firewalls (WAFs); informative trend graphs for use by top management.
As of the launch of v11, the Pro Edition replaces and continues from the previously named Consultant 5 Concurrent Scan product. Holders of Consultant (x5 Concurrent Scan) Edition v10.5 licenses or earlier will upgrade automatically to the Pro Edition in v11 against a valid maintenance or subscription agreement, and the product part numbers remain the same.
Enterprise Edition x10 Concurrent Scans
The Enterprise Edition x10 Concurrent Scans adds multi-user, collaborative team capability and can also control multiple Acunetix scan engines.
As a threat and vulnerability management program develops within an organization engaged heavily in application development, the customer can scale up and roll out to multiple users including top management, governance, risk and compliance (GRC) personnel. The Enterprise Edition customer has full role-based multi-user team support and the ability to deploy multiple scan engines managed by the central system, while with the entry-level Enterprise 3, 5, 10 user licenses, the single fixed install comprises both the central system and the scan engine installation. The Enterprise Edition can scale from 3 to unlimited users and up to 50 Acunetix scan engines.
Highest Crawl and Analysis Rate for HTML5 and JavaScript Security
A fundamental process during any scan is the scanner’s ability to properly crawl an application. Acunetix features DeepScan Technology; an HTML5 crawling and scanning engine that fully replicates user interaction inside of a browser by executing and analyzing JavaScript. DeepScan allows accurate crawling of AJAX-heavy client-side Single Page Applications (SPAs) that leverage technologies such as AngularJS, EmberJS and Google Web Toolkit.
Accurately Crawl and Scan with DeepScan Technology
Acunetix includes Acunetix DeepScan Technology which allows the scanner to robustly test any application, no matter what web technology it’s written in.
At the heart of DeepScan is a fully automated web browser that can understand and interact with complex web technologies such as AJAX, SOAP/WSDL, SOAP/WCF, REST/WADL, XML, JSON, Google Web Toolkit (GWT) and CRUD operations just like a regular browser would. This allows Acunetix to test a web application just as though it is running inside of a user’s browser, allowing the scanner to seamlessly interact with complex controls just as a user would, significantly increasing the scanner’s coverage of the web application.
DeepScan has been further optimized to analyze websites and web applications developed in Ruby on Rails and Java Frameworks including Java Server Faces (JSF), Spring and Struts.
Hassle-free Authenticated Web Application Testing
Testing authenticated areas of your websites and web applications is absolutely crucial to ensure full testing coverage. Acunetix can automatically test authenticated areas by recording a Login Sequence using the Login Sequence Recorder. The Login Sequence Recorder makes it quick and easy to record a series of actions the scanner can re-play to authenticate to a page. The Login Sequence Recorder can also record a series of Restrictions; making it trivial to granularly limit the scope of a scan in a few clicks.
Acunetix Login Sequence Recorder supports a large number of authentication mechanisms including
Malware URL Detection
Acunetix includes a malware detection service that detects URLs linking to external sites known to host malware or that are known to be used for phishing attacks.
Such links may indicate that the site being scanned has either been compromised, or that somehow an attacker has managed to inject URLs to the malicious site. It may also indicate that a legitimate site that your site links to has been compromised and is hosting malware.
Highest SQL Injection and XSS Detection Rate
Holistic and accurate vulnerability detection lies in the ability to detect anything from the most obvious to the most obscure SQL Injection, XSS and over 500 other types of web application vulnerabilities. Acunetix is the industry leader in detecting the largest variety of SQL Injection and XSS vulnerabilities, including Out-of-band SQL Injection and DOM-based XSS.
In-depth SQL Injection and Cross-site Scripting (XSS) Vulnerability Testing
Acunetix rigorously tests for hundreds of web application vulnerabilities including SQL Injection and Cross-site Scripting. SQL Injection is one of the oldest and most prevalent of software bugs; it allows attackers to modify SQL queries in order to gain access to data in the database. Cross-site Scripting attacks allow attackers to execute malicious scripts inside your visitors’ browser; possibly leading to impersonation of that user.
When it comes to Dynamic Application Security Testing (DAST), while the number of tests a scanner can run is important, it is secondary to how well it can crawl an application – If you can’t crawl it, you can’t scan it! Acunetix DeepScan Technology has the ability to crawl complex client-side Single Page Applications (SPAs), guaranteeing the highest vulnerability detection rate even in client-side vulnerabilities such as DOM-based XSS vulnerabilities.
Advanced Automated DOM-based XSS Vulnerability Testing
DOM-based XSS is an advanced type of XSS attack which is made possible when the web application’s client-side scripts write user provided data to the Document Object Model (DOM). The data is subsequently read from the DOM by the web application and outputted to the browser. If the data is incorrectly handled, an attacker can inject a payload, which will be stored as part of the DOM and executed when the data is read back from the DOM.
DOM-based XSS is often a client-side attack, and the attacker’s payload is never sent to the server. This makes it even more difficult to detect. Acunetix can scan for a wide range of advanced DOM-based XSS and also provide a stack-trace of the injected payload as it moves inside of the browser’s DOM.
Detection of Blind XSS, XXE, SSRF, Host Header Attacks and Email Header Injection
Traditional methods of detecting vulnerabilities fall short when attempting to detect second-order vulnerabilities, i.e. vulnerabilities that do not provide a response to a scanner during testing. Detection of second-order vulnerabilities requires an intermediary service; Acunetix, combined with its built-in AcuMonitor Technology, makes automatic detection of such vulnerabilities possible and transparent to the user running the scan.
AcuMonitor allows the detection of vulnerabilities such as Blind XSS, XML External Entity Injection (XXE), Server Side Request Forgery (SSRF), Host Header Attacks, Email Header Injection and Password Reset Poisoning.
Lowest False Positives Guarantees Effective Web Application Security
Acunetix’s unique AcuSensor Technology enhances a regular dynamic scan through an Interactive Application Security Testing (IAST) deployment of sensors inside the source code. AcuSensor will then relay feedback to the scanner during the source code’s execution. In web application security testing, the combination of black-box and white-box testing (commonly referred to as gray-box testing) further enhances the scanner’s detection rate.
Interactive Security Testing with AcuSensor
Traditional web application security testing (black-box testing) will not see how code behaves during execution and source code analysis will not always understand what happens when code is in execution. AcuSensor marries these two methodologies and is able to achieve a significantly higher detection of vulnerabilities. Typically, SQL injection vulnerabilities can only be found if database errors are reported, or through ‘blind’ techniques. With AcuSensor, SQL Injection vulnerabilities can be detected in all SQL queries; including INSERT statements.
Pinpoints Exact Location of Vulnerabilities
AcuSensor technology can indicate the line of code where the vulnerability lies and report additional debug information. This greatly increases remediation efficiency and makes the developer’s task of fixing the vulnerabilities easier.
Back-end File Crawling
AcuSensor can run a back-end crawl, presenting all files accessible through the web server to the scanner; even if these files are not linked through the front-end application. This ensures 100% coverage of the application, and alerts users of any backdoor files that might have been maliciously uploaded by an attacker.
Lowest False Positive Rates
Detections of nonexistent vulnerabilities are a nightmare to deal with. False positives reduce confidence in the scanner and waste the time of pen-testers and developers alike in trying to find and fix vulnerabilities. Acunetix excels with the lowest false positive rate in the industry, saving valuable time for your security and development teams.
AcuSensor Technology can automatically verify vulnerabilities found through black box scanning techniques by performing additional tests during the execution of the application’s source code. This allows an Acunetix scan to give a near to 0% false positive rate when AcuSensor is used.
AcuSensor Detects Critical Vulnerabilities with 100% Accuracy
Vulnerability Management and Regulatory Compliance Reports
Vulnerability Management (VM) is the ongoing effort of discovering, measuring and remediating vulnerabilities. Organizations use vulnerability management to avert threats posed by the exploitation of applications and network infrastructure. Acunetix bakes advanced vulnerability management features right into its core, making it easy to kick-start your vulnerability management program, as well as integrate the scanner’s results into other tools and platforms.
Your Vulnerability Management Program in One Consolidated View
It takes teamwork and collaboration to build and maintain a great security program. The Acunetix multi-user, multi-role features allow your Team to be flexible and productive while getting access only to resources they need. Vulnerability Management features allow your Team to easily maintain an integrated view of your security posture throughout your application portfolio by storing everything pertaining to your application security program into a single, central location.
Acunetix removes the need for managing your application security program in multiple PDFs, spreadsheets and other silos of information, and instead, allows you to continuously and automatically secure your application portfolio while managing risk exposure from one consolidated view.
Track Issues, not PDFs
Development Teams manage their work-load in Issue Trackers to fix bugs, track the progress of new features and manage deadlines. Going to developers with a “300-page PDF” full of security issues that need attention is counterproductive and creates a communication barrier.
Acunetix integrates with Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS) to bring vulnerabilities found by Acunetix into the hands of developers, while still providing management with the historical data, trending and prioritization tools they need in order to ask questions and make strategic decisions.
Integrating security issues into the software development life-cycle is key to the success of any vulnerability management program since it reduces time and effort to remediate issues by keeping everything developers need to do within the same set of tools.
Advanced Management and Compliance Reporting
Acunetix allows you to easily generate a wide variety of detailed technical, management and compliance reports such as PCI DSS, OWASP Top 10, ISO 27001 and HIPAA.
These reports allow you to share security findings internally with management and with regulatory bodies. Reports can focus either on a single Scan, on a specific Target or even an arbitrary group of Scans or Targets.
WordPress Security Scan Features
With more than 24% of websites on the Internet running WordPress, and a 60% share of the Content Management System (CMS) market, WordPress security is becoming an increasingly important factor in an organization’s security posture. While WordPress’ core is designed with security in mind, the same cannot be said for the thousands of plugins which extend the WordPress ecosystem. Unfortunately, thousands of WordPress plugins contain high-severity vulnerabilities. Unless vulnerable plugins are updated or disabled, they could allow attackers to easily compromise the integrity and availability of the site, gain access to the WordPress administrative interface and the database, as well as deface the site and trick users into phishing attacks, or use the site to distribute malware.
Scan for Vulnerable WordPress Plugins
Acunetix identifies WordPress installations, and will launch security tests for over 1200 popular WordPress plugins, as well as several other vulnerability tests for WordPress core vulnerabilities. In addition, Acunetix will also conduct other WordPress-specific configuration tests such as weak WordPress admin passwords, WordPress username enumeration, wp-config.php backup files, malware disguised as plugins and old versions of plugins.
The WordPress plugins detected are listed in the WordPress plugins Knowledge Base, including a description, the version number detected and the latest version of the plugin to update to. Similar checks are also performed on other Content Management Systems such as Joomla! and Drupal.
WordPress Configuration File Disclosure
Although most of the common configuration settings are available through the WordPress admin interface, the WordPress administrator might need to alter certain settings from wp-config.php directly. This is often done by first creating a backup of the known working configuration, before proceeding with manually altering the file in a text editor. However, the backed up file becomes available to whoever is able to guess the name of the backup file.
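A defender-side check for the leftover copies described above, as an added example that is not Acunetix code: it walks a local webroot and reports files derived from wp-config.php, marking those a web server would return as plain text instead of executing. The suffix list, function names and sample files are assumptions constructed for illustration.

```python
"""Audit a local WordPress webroot for leftover copies of wp-config.php."""
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Assumption: only these suffixes are mapped to the PHP handler. Any other
# suffix is returned by the web server as a static file, source included.
EXECUTED_SUFFIXES = {".php", ".phtml"}

# Files that legitimately carry the wp-config name in a stock install.
EXPECTED_NAMES = {"wp-config.php", "wp-config-sample.php"}


@dataclass(frozen=True)
class Finding:
    path: str             # relative to the webroot, POSIX separators
    served_as_text: bool  # True: requesting the file discloses its contents


def find_config_copies(webroot):
    """Return copies of wp-config.php under webroot, disclosing ones first."""
    root = Path(webroot)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if "wp-config" not in lowered or lowered in EXPECTED_NAMES:
                continue
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            # "wp-config.php~" has suffix ".php~", "wp-config.php.bak" has
            # ".bak": neither reaches the PHP handler, so both are disclosed.
            served = full.suffix.lower() not in EXECUTED_SUFFIXES
            findings.append(Finding(rel, served))
    return sorted(findings, key=lambda f: (not f.served_as_text, f.path))


def build_sample_webroot(root):
    """Create a constructed sample tree (empty files) for the demo."""
    names = [
        "index.php",
        "wp-config.php",
        "wp-config-sample.php",
        "wp-config.php.bak",
        "wp-config.php~",
        "wp-config.old",
        "wp-config-backup.php",
        "wp-content/uploads/WP-CONFIG.txt",
    ]
    for name in names:
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


def audit_sample():
    """Run the audit over the constructed sample tree."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        return find_config_copies(tmp)


if __name__ == "__main__":
    for finding in audit_sample():
        label = "DISCLOSES SOURCE" if finding.served_as_text else "stale copy"
        print(f"{label:17} {finding.path}")
```

Copies that keep a `.php` suffix are not served as text, but they still hold credentials and are worth removing along with the rest.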
Username Enumeration and Weak Password Guessing
Acunetix runs tests for username enumeration of WordPress accounts. Enumerating usernames gives attackers a head-start when attacking your WordPress installation, since an attacker would have the necessary information to launch a password dictionary attack against the enumerated usernames.
Based on the users identified during the scan, Acunetix will also attempt to detect if the enumerated users are using weak passwords based on a password list, as well as other combinations, including the use of leetspeak.
Not just WordPress
In addition to detection of vulnerable versions of WordPress core, plugins and misconfigurations, Acunetix can also detect vulnerabilities in Joomla! and Drupal installations. Following WordPress, Joomla! and Drupal are among the most widely deployed Content Management Systems (CMSs) and have their own share of vulnerabilities and misconfigurations.
Advanced Features: Pen-Testing Tools and WAF configuration
Acunetix includes advanced tools for penetration testers to take automated testing further and integrate with external tools, as well as tools to aid in testing business-logic web applications.
Take Automated Scanning Further
Use the integrated HTTP Editor to export HTTP requests from an automated crawl or scan, modify or craft HTTP requests and analyze the web server’s response.
Intercept, log and modify HTTP traffic sent to and from a web application on the fly using Traps with support for regular expressions using the integrated HTTP Sniffer. Extend manual HTTP traffic inspection by using captured traffic to build a custom crawl structure that can be used as part of an automated scan.
Fuzz HTTP requests to test validation and handling of invalid or random data using a variety of built-in fuzzers. Filter fuzzed HTTP requests with HTTP Fuzzer filters with support for regular expressions.
Export Blind SQL Injection vulnerabilities from automated scans, and perform automated database data extractions using the Blind SQL Injector.
Import manual crawl data from the built-in HTTP Editor, third-party tools such as Telerik Fiddler, Portswigger BurpSuite, and HAR (HTTP Archive) files.
Automatic Web Application Firewall (WAF) configuration
Sometimes, it’s not possible to roll-out a fix to a high-severity vulnerability there-and-then. Acunetix integrates with Imperva SecureSphere, F5 BIG-IP Application Security Manager and FortiWeb WAF and can automatically create the appropriate Web Application Firewall rules to protect web applications against attacks targeting vulnerabilities that the scanner finds. This allows you to temporarily prevent exploitation of high-severity vulnerabilities until you are able to fix them.
Integration and Extensibility
Acunetix features a powerful Command Line Interface (CLI) and RESTful Application Programming Interface (REST API). The REST API allows access and management of Scan Targets, Scans, Vulnerabilities, Reports and other resources within Acunetix in a simple, programmatic manner using conventional HTTP requests. The API’s endpoints are intuitive and powerful, allowing you to easily retrieve information and execute actions.
Key Features of Acunetix Online’s Network Security Scanner
Comprehensive security audits require detailed inspection of the perimeter of your public-facing network assets. Acunetix has integrated the popular OpenVAS scanner within Acunetix Online to provide a comprehensive perimeter network security scan that integrates seamlessly with your web application security testing, all from an easy-to-use cloud-based service.
Scan Perimeter Network Services
Insecure perimeter networks are the cause of most data breaches. The perimeter is therefore one of the most important areas of your network to secure against vulnerabilities, misconfiguration and other security threats that could compromise security or availability of network services.
Acunetix Online extends your network’s visibility to outside threats and provides you with a perspective of your network’s perimeter just like an attacker would see it.
Every network scan will initially start with a port scan of the IP address of the scan target in order to discover open ports and running services. Open ports are then tested for over 35,000 known vulnerabilities and mis-configurations.
Testing for Network Vulnerabilities
Network vulnerability tests performed during a scan include assessing the security of detected devices such as routers, firewalls, switches and load balancers; testing for weak passwords on common protocols such as FTP, IMAP, database servers, POP3, Socks, SSH and Telnet; testing for DNS-related server vulnerabilities such as DNS zone transfer attacks, open recursive DNS attacks and DNS cache poisoning attacks; testing for badly configured Proxy Servers, weak SNMP community strings, weak TLS/SSL ciphers and many other security weaknesses.
The scan’s findings are then presented inside the Acunetix Online dashboard, from where a network security report can be easily generated.
Detecting Network Security Mis-configurations
Acunetix Online can detect a wide array of network security mis-configurations that could lead to sensitive data disclosure, denial of service or even compromise of hosts. Tests include testing for anonymous FTP access and writable directories over FTP, badly configured Proxy Servers, weak SNMP community strings, weak TLS/SSL ciphers and many other security weaknesses.
Acunetix (on premise) is available as a Standard Edition with 2 concurrent scans, a Pro Edition with 5 concurrent scans and an Enterprise Edition with 10 concurrent scans.
| Feature | Standard | Pro | Enterprise |
|---|---|---|---|
| Architecture and Scale | | | |
| Unlimited URL Scanning | √ | √ | √ |
| Multi-user | | | √ |
| User Roles and Privileges | | | √ |
| Number of Users | 1 | 1 | 3 – Unlimited |
| Multiple Scan Engines | | | √ |
| Max Number of Scan Engines | 1 | 1 | 1 – 50 |
| Total Concurrent Scans per License | 2 | 5 | 10 – 100 |
| Acunetix Vulnerability Assessment Engine | | | |
| Scanning for 3000+ web application vulnerabilities | √ | √ | √ |
| Acunetix DeepScan Crawler | √ | √ | √ |
| Acunetix AcuSensor (Gray-box Vulnerability Testing) | √ | √ | √ |
| Acunetix AcuMonitor (Out-of-band Vulnerability Testing) | √ | √ | √ |
| Acunetix Login Sequence Recorder | √ | √ | √ |
| Malware URL Detection | √ | √ | √ |
| Manual Pen-testing Tool Suite | √ | √ | √ |
| Scanning of Online Web Application Assets | √ | √ | √ |
| Scanning of Internal Web Application Assets | √ | √ | √ |
| Key Reports and Vulnerability Severity Classification | | | |
| Key Reports (Affected Items, Quick, Developer, Executive) | √ | √ | √ |
| OWASP TOP 10 Report | √ | √ | √ |
| CVSS (Common Vulnerability Scoring System) for Severity | √ | √ | √ |
| Remediation Advice | √ | √ | √ |
| Compliance Reports* | | √ | √ |
| Centralized Management and Extensibility | | | |
| Dashboard | √ | √ | √ |
| Scheduled Scanning | √ | √ | √ |
| Continuous Scanning | | √ | √ |
| Target Groups | | √ | √ |
| Assign Target Business Criticality | | √ | √ |
| Prioritize by Business Criticality | | √ | √ |
| Trend Graphs | | √ | √ |
| WAF Virtual Patching** | | √ | √ |
| Issue Tracking Systems Integration*** | | √ | √ |
| Assign Target Management to Users | | | √ |
| Integration APIs† | | | √ |

* PCI DSS, ISO/IEC 27001; The Health Insurance Portability and Accountability Act (HIPAA); WASC Threat Classification; Sarbanes-Oxley; NIST Special Publication 800-53 (for FISMA); DISA-STIG Application Security; 2011 CWE/SANS Top 25 Most Dangerous Software Errors.
** Imperva SecureSphere, F5 BIG-IP Application Security Manager and Fortinet FortiWeb WAF
*** Atlassian JIRA, GitHub and Microsoft Team Foundation Server
† Subject to project qualification
Multiple Concurrent Scan Licenses, and Multiple Concurrent Standalone User-installs or Extra Scan Engines
As described above, Acunetix can be used to run multiple concurrent scans of multiple websites from the same workstation. The Standard Edition can run 2 concurrent scans, the Pro Edition can run up to 5 concurrent scans, while the Enterprise Edition of the software can run 10 scans concurrently, or more, either at the central node (for 10 concurrent scans) or over multiple scan engines depending on the licensing options selected, the deployment configuration and architectural considerations.
Product delivery
Acunetix software products are delivered electronically. A license key and download location is sent to you by email within one business day of placing your order.
Delivery
Electronic Software Delivery, activated by means of a license key.