Acunetix Web Vulnerability Scanner - E-SPIN Group


Web Application Security Solution: Acunetix Web Vulnerability Scanner
Since 2005 E-SPIN SDN BHD. All Rights Reserved. www.e-spincorp.com

Copyrighted
Copyright (c) 2005 - 2011 by E-SPIN Sdn. Bhd. All rights reserved. No part of this solution/product/training presentation/handout may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, without either the prior written permission of E-SPIN, or authorization through payment of the appropriate per-copy fee to E-SPIN, tel (603) 7728 2866, fax (603) 7725 4757, or on the web at www.e-spincorp.com

Limit of Liability / Disclaimer of Warranty: While the author has used their best efforts in preparing this solution/product/training presentation/handout, they make no representations or warranties with respect to the accuracy or completeness of the contents and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for every situation. You should consult with a professional where appropriate. The author shall not be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our customer service department at (603) 7728 2866, fax (603) 7725 4757, or email info@espincorp.com.

E-SPIN Group Profile
Enterprise Solutions Professional on Information and Network (E-SPIN)
E-SPIN Sdn Bhd: Enterprise Technology Solution; Project Outsourcing/ISV; International Technology Distribution

Technology Solutions Consulting:
– Requirement Analysis
– Solutions Development
– Training and Consultancy
– Project Coaching and Blueprint Advisory
– Performance & Load Testing, Security Assessment & Penetration Test, Vulnerability Patching & System Hardening

Distribution & Trading, Network System Integration:
– Technology Product Distribution & Trading
– Hardware, Software and Service Global Sourcing and Single Procurement
– Turnkey Project Management and Delivery

Independent Software Vendor (ISV):
– Standalone, Client/Server & Web Application Customization / Integration / Migration
– Web Design, Portal Development, Custom Web App
– Web and Application Hosting

Project Shared Service Outsourcing (SSO):
– Software as a Service (SaaS)
– Project implementation, training, and maintenance outsourcing

E-SPIN Business Domain B.A.S.E. Enterprise Solutions Portfolio

Business and Technology Applications:
– Business Process and Workflow Automation
– Sales Force Automation and Customer Relationship Management (CRM)
– Business Intelligence, Data Warehousing and Performance Management System (PMS)
– Datacenter Global Integration, Server Consolidation and Infrastructure Virtualization
– WAN / Web Application Acceleration and Bandwidth Optimization, Open Source Application and Initiative
– Media and Broadcasting Technologies and Automation
– Network Management System (NMS), Network/System/App Monitoring, Alerting, Reporting
– Helpdesk and Remote Support; Computer lab and classroom training management

Availability, Storage and Business Continuity:
– Data integrity, anti-hacking / web defacement and availability assurance
– Data backup, storage archiving, replication, mirroring
– Continuous Data Protection (CDP) and Online Storage Protection
– Network, System and Data High Availability, Continuous Availability
– Business continuity and disaster recovery (BCDR)
– External storage, Network Attached Storage (NAS) and Storage Area Network (SAN)
– Internet link load, bandwidth aggregation, application traffic server load balancing
– Non-Stop mission critical system hardware and network infrastructure
– High availability, system/network hardware and software clustering, auto failover and redundancy
– High Availability, Continuous Availability Network, System and Data

Security, Risk and Compliance Management:
– Windows Event and Syslog Consolidation, Log Management and Storage
– Network & Wireless Security, Firewall / VPN, IPS, ID Mgt, Network Access Control (NAC)
– Vulnerability Management, Security Assessment, Penetration Testing (Web/Application/Network/Database), Patch Mgt & Security Hardening
– Security Event Management (SEM), Incident Correlation Analysis and Reporting System; wired and wireless TCP/IP traffic analysis; Exploitation
– Content Security, Employee PC Activity Monitoring, Virus, Spyware, Phishing, Web, E-mail, IM, P2P Blocking and Filtering, Endpoint Security and Port Management, Data Theft Prevention
– Data Encryption: Code, Files, E-mail, Database, Folders, Virtual Disk, Full Disk Encryption; Digital Steganography, Watermarking and Digital Fingerprinting; Secure Data Erasure and Destruction
– Digital Signature and Signing, Multi Factor Authentication, Managed, Automated, Secure File Transfer (SFTP) and Application Tunnelling, Secure Document Exchange and Storage
– IT Governance, Risk Management, and Regulatory Compliance

End-to-End Complete One-Stop Solutions:
– Technology consulting, requirement assessment and solution development
– Ongoing education, training and development (in-house or on-site)
– Solution sourcing, integration, migration, project implementation, main / sub contracting and maintenance support
– Independent Software Application development, integration and customization (standalone, client/server, web application)
– E-Business and Web Solutions: web design, portal development, e-commerce, web / domain / email / application hosting service
– Project information technology shared service and outsourcing (SSO)

Clients Overview (Domestic & International)

How WVS can help?

Known static methods:
– Specific Web Applications known exploits
– Directory enumeration
– Known Web Server exploits
– Known Web technology exploits (e.g. PHP vulnerabilities)
– Known network services exploits (e.g. DNS, FTP, SMTP)

Unknown dynamic:
– SQL Injection
– Cross-site Scripting
– Directory and Link Traversal
– File Inclusion
– Source Code Disclosure
– Code Execution
– Common File Checks
– Parameter Manipulation
– Arbitrary file creation or deletion
– CRLF Injection
– Path Truncation
– Java Applet reverse engineering
– Session Hijacking
– Authentication Attacks
– Google Hacking Database

Acunetix WVS searches for all of the above hacking methods and much more.

E-SPIN Web Application Security Solution

How Does Hacking Work?

Who uses it for webapp VA audit/QA:
– US Army
– US Air Force
– Bank of China
– Fujitsu
– The Pentagon
– Adidas Group
– IBM Denmark
– France Telecom
– University of Reading
– PricewaterhouseCoopers
– Panasonic Asia Pacific
– Lonely Planet
– The armed forces of Norway
– State of North Carolina
– Wescom Credit Union
– California Department of Justice
– ActionAid UK
– and many more

Show Case – ING Group's all Custom Web application portals:
– ING Banca Network
– ING Portal
– ING Employee Benefits Corporate Client
– ING Medi-Connect
– ING Business Partner
– ING@My Services
– ING Agency Network

Protected World's Most Attacked Sites, Portals, Web Applications

Show Case – Government / Government Agencies:
– LKIM
– Sabah State Govt.
– Malaysia Anti Corruption Commission (MACC)
– University Malaya

Unique Benefit(s)

Operation:
– Automated
– Manual, Advanced
– Custom Vulnerability Tag and Test

Coverage:
– Web Server
– Database Server
– Application Server

Custom Reporting

Feature(s):
– Web / web services scan
– Site Crawler
– Reporter
– Vulnerability editor
– Customization option
– Advanced penetration testing
– HTTP editor
– HTTP sniffer
– HTTP Fuzzer
– Blind SQL Injector
– Authentication Tester
– Target Finder
– Compare Result
– Command Line Support
– AcuSensor Technology

Unique Benefit(s): Quick Video Demo

E-SPIN WVS Complete Solution: Unique Value Proposition

– Consulting: VA requirement; project consulting; project coaching
– Supplying: software / appliance; application / equipment renting; paid as use
– Training / Knowledge Transfer: Basic (1 MD to 5 MD); Advanced System Admin; GIAC Certified Training and Exam; Customized
– Deployment: installation, scanning, reporting; project documentation
– Maintaining: software and signature update, warranty; local technical support (with onsite) 8x5 / 24x7
– Vulnerability Resolution: vulnerability fixing; mitigation module
– Security Toolkit: complete range of security toolkit; range of product / service; One Stop service provider / vendor
– Mix and Match to CLIENT Requirement

Transfer of Technology Option

Columns: Skill Nature | Transfer Group | Extent of Skill | How it is transferred

– Technology Training | Technical Staff, End user technical group | Basic Web / Application Security Training | Formal Courses – 1 Day
– Application Training | Security Assurance Analyst / Security Admin, End user | Basic System Administration Training, Operation of the application | Formal Courses – 5 Day Advanced hands-on system administration training
– Independent and Global Certified Training and Exam | Training for In-house domain expert / consultant | Independent and globally recognized GIAC certified training, certified testing | Subscribe for E-SPIN GIAC complete range of training and testing
– Project Consulting and Coaching | Real job in hand, joint exercise to transfer real skill set by "learning" it first hand | First-hand experience in carrying out real job duties, from scanning, configuration, reporting and interpretation to vulnerability fixing and mitigation solution framework, to really execute vulnerability fixing / mitigation module development and fix production vulnerabilities | Participating in the real job in hand, learn by doing and observe how it is performed; subscribe for consulting service with vulnerability fixing outsourcing for 30 Man Days
– Technical Support | End user operations personnel
– Initial exposure and management awareness of the web / application security operation | Department Manager, End user operations manager | Exposure and knowledge in web / application security operation in a real-life environment | Visit sites in Europe

Vulnerability Management, Security Assessment, Penetration Testing Solution

Vulnerability Management, Security Assessment, Penetration Testing Solution Complete Portfolio

Vulnerability Assessment (VA): Network Audit; Server Audit; System Audit; Application Audit

Network, Server, System, Application Log Review
– Log Consolidation, Review, Report and Audit: Network Equipment; Server (Win & Non-Win); System & Workstation; Application Log

Network, Server, System Vulnerability Assessment

Wireless Security Assessment, Penetration Testing
– Wireless Network and Security Audit, Penetration Testing: offensive hacking, then report on the wireless security posture

Hostile Source Code Reverse Engineering / Malware and Remote Trojan
– Industry de facto hostile decompiler / disassembler to unlock protected binary program into source code
– Remote trojan, keylogger for PC, server activity monitoring including screenshot

Exploitation Framework, Development, Library
– Offensive Exploit: Exploit Research, Development, Testing
– Remote Trojan
– Exploit Library Add-on for Network, System, Application, Database, VoIP Security Exploit

Application and Web Application Security Solution
– Web Server; Web Application Server; Database Server
– Google Hacking; Cross Site Scripting; SQL Injection
– Dynamic Source Code Analysis; Black box hacking; White box hacking
– Database Security; Source Code Dynamic and Static Analysis

End to End Professional Service
– Warranty, Update, Maintenance Support: 8x5xNBD, 24x7
– Consulting, Coaching: Project Consulting, Coaching, Implementation
– Training, Transfer of Technologies: Certified
– Product Specific Vulnerability Fixing, Mitigation Module Development: Development Outsourcing

End to End Professional Service
– Warranty, Update, Maintenance Support: 8x5xNBD, 24x7
– Consulting, Coaching: Project Consulting, Coaching, Implementation
– Training, Transfer of Technologies: Certified
– Product Specific Vulnerability Fixing, Mitigation Module Development: Development Outsourcing

Complete Portfolio
– Network, Server, System, Application Log Review
– Network, Server, System Vulnerability Assessment
– Wireless Security Assessment, Penetration Testing
– Hostile Source Code Reverse Engineering
– Exploitation Framework, Development, Library
– Application, DB, Source Code and Web Application Security Solution

Why Do Business with E-SPIN? Value Proposition
– Single Vendor Complete Solution
– Authorized Distributor Partner for Performance Guarantee / Principal Support
– Project Consulting, Coaching, Management
– MOF Certified Government Supplier & Consultant
– Vulnerability Fixing, Hardening, Mitigation Module Development
– Training and Certification, Transfer of Technologies
– Buy / Rent / or Pure Service
– Warranty, Update, Maintenance Support

Value Added Service(s)
– Training Cert.
– Media Kit / Lic. Cert.
– Agreement
– Tender paperwork
– Technical Proposal
– Training Handout
– Vulnerability Fixing
– Assessment Report
– Technical Reference

Proposed Business and Service arrangement with Client/Partner
– Distribution & Trading
– Equip. & App. Renting
– Service Outsourcing
– Certified / Training
– Project
– Independent Consultant / Sub Con

Consultancy, Training, Certification and Support
– System Deployment
– Certification / Exam
– Development / Customization
– Technology Consultancy
– Special Project
– Custom Training
– Coaching / Solution Architect
– Onsite Advanced Training
– Offsite Technical Training

Thank You & Open Discussion

Vulnerability Management, Security Assessment, Penetration Testing Solution: E-SPIN Value Added Services
– Professional Qualification Skill Certification
– Product In Depth Training
– Extended Security Assessment
– Vulnerability Fixing, Mitigation Module Development
– Penetration Testing
– System Hardening, Patching
– Intrusion Analysis
– Project Consulting, Solutions Development
– Incident handling
– Local Technical Support (phone, email, remote, onsite)
– Security Mgmt.
– System Admin.
– Security Audit
– Single Sourcing: Hardware, Software, Service
– Secure Development
– Forensics Analysis
– Security Assessment Outsourcing, Subcontracting
– Core Security Assessment: Web App (Web, App, Db. Server); Network/Server & System; Database; In Depth Packet …; Exploitation Testing & Research

Case SPRM (3rd Party / Independent Network/Application/Database/Server Security Audit)
– Engaged E-SPIN to deliver 3rd party in-depth network/application/database/server security audit
– Line of Business: Anti Corruption System (KRIS) within Network; Public Facing Portal and Web Application (sprm.gov.my)
– Report on the vulnerability and security posture
– Recommendation of the vulnerability fixing / mitigation
– Supply the system with three (3) years maintenance contract
– Class of 5 man days system administration training for 1 class (10 pax)

Case PizzaHut (3rd Party / Independent Network/Application/Database/Server Security Audit)
– Engaged E-SPIN to deliver 3rd party in-depth network/application/database/server security audit
– Line of Business: Pizza Online Order, Credit Card / E-business Facility; Public Facing Portal and Web Application
– Report on the vulnerability and security posture
– Recommendation of the vulnerability fixing / mitigation
– Supply the Anti Defacement system with maintenance contract

Case Hong Leong (Network/Server Security, Assets Inventory & Patch Management)
– Engaged E-SPIN to deliver network/server security assessment system, incorporating assets inventory and patch management functionality
– Perform internal network audit, assessment
– Report on the vulnerability and security posture
– Recommendation of the vulnerability fixing / mitigation
– Supply the system with the ongoing system update and maintenance contract

Case ING Insurance (Web/Application/Database/Network/Server Security, Vulnerability Fixing, Training & Maintenance)
– Engaged E-SPIN to deliver web/application/database/network/server security assessment system, incorporated into the e-business Software Development Life Cycle (SDLC) for Quality Assurance, Product Security Audit
– Outsourced vulnerability fixing and mitigation module development
– Training and project live system coaching
– Supply the system with the ongoing system update and maintenance contract

E-SPIN Threat and Vulnerability Management
– Asset Inventory and Classification
– Baseline Development
– Classification of Threats: classify threat based on probability and …
– Event Correlation
– Content Filtering
– Asset and Patch Management
– Remediation: …ering weaknesses before they can be exploited
– Reporting: developing and maintaining an on-going process
– Incident Response: isolating and resolving asset security issues once identified

