As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists.

Hackers are concentrating their efforts on web-based applications – shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the attacked site. A victim’s website can be used to launch criminal activities such as hosting phishing sites or to transfer illicit content, while abusing the website’s bandwidth and making its owner liable for these unlawful acts.

Firewalls, SSL and locked-down servers are futile against web application hacking!

Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.

Find out if your web site is secure before hackers download sensitive data, commit a crime using your web site as a launch pad, and endanger your business. Web Vulnerability Scanner crawls your web site, automatically analyzes your web applications and finds perilous SQL injection, Cross site scripting and other vulnerabilities that expose your online business. Concise reports identify where web applications need to be fixed, thus enabling you to protect your business from impending hacker attacks!

Web Vulnerability Scanner includes many innovative features:

AcuSensor Technology.

An automatic client script analyzer allowing for security testing of Ajax and Web 2.0 applications.

Industry’s most advanced and in-depth SQL injection and Cross site scripting testing.

Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer.

Visual macro recorder makes testing web forms and password protected areas easy.

Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms.

Extensive reporting facilities including VISA PCI compliance reports.

Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease.

Intelligent crawler detects web server type and application language.

Crawls and analyzes websites including Flash content, SOAP and AJAX.

Port scans a web server and runs security checks against network services running on the server.

In depth checking for SQL Injection, Cross Site Scripting (XSS) and Other Vulnerabilities with the innovative AcuSensor Technology:

WVS checks for all web vulnerabilities including SQL injection, Cross site scripting and many others. SQL injection is a hacking technique which modifies SQL queries in order to gain access to data in the database. Cross-site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser.

Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with which the scanner launches SQL injection, Cross Site scripting and other attacks.

Web Vulnerability Scanner has a state of the art vulnerability detection engine that comes with the pioneering AcuSensor Technology. This is a unique security technology that quickly finds vulnerabilities with a low number of false positives, indicates where the vulnerability is in the code and reports debug information. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion, Authentication vulnerabilities and others.

Scan AJAX and Web 2.0 Technologies for vulnerabilities:

The state of the art CSA (client script analyzer) Engine allows you to comprehensively scan the latest and most complex AJAX / Web 2.0 web applications and find web vulnerabilities.

Port Scanning and Network Alerts:

Web Vulnerability Scanner also runs an optional port scan against the web server where the website is hosted and automatically identifies the network service running on an open port, launching a series of network security tests against that network service. Customized network alerts can also be developed by following detailed SDK documentation provided by .

The security checks that ship with the product are: tests for weak passwords on FTP, IMAP, SQL servers, POP3, Socks, SSH and Telnet; tests for DNS server vulnerabilities like Open Zone Transfer, Open Recursion and Cache Poisoning; FTP access tests, such as whether anonymous access is allowed and a list of writable FTP directories; security checks for badly configured Proxy Servers; checks for weak SNMP Community Strings; checks for weak SSL ciphers; and many other sophisticated security checks!

Detailed reports enable you to meet Legal and Regulatory Compliance:

Web Vulnerability Scanner includes an extensive reporting module which can generate reports that show whether your web applications meet the new PCI DSS Data Compliance requirements amongst many others.

Analyzes your site against the Google Hacking Database:

The Google Hacking Database (GHDB) is a database of queries used by hackers to identify sensitive information on your website such as portal logon pages, logs with network security information, and so on. Web Vulnerability Scanner launches the Google Hacking Database queries onto the crawled content of your web site and identifies sensitive data or exploitable targets before a “search engine hacker” does.

Test password protected areas and web forms with Automatic web form filler:

Web Vulnerability Scanner is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test such pages. Not so with Web Vulnerability Scanner: using the macro recording tool Login Sequence Recorder, you can record a login sequence, form filling process or a specific crawling sequence. The scanner will replay this sequence during the scan process and fill in web forms and log on to password protected areas automatically.

Advanced penetration testing tools included:

In addition to its automated scanning engine, Web Vulnerability Scanner includes advanced tools to allow penetration testers to fine tune web application security audits.

HTTP Editor – Construct HTTP/HTTPS requests and analyze the web server response.

HTTP Sniffer – Intercept, log and modify all HTTP/HTTPS traffic and reveal all data sent by a web application.

HTTP Fuzzer – Perform sophisticated fuzzing tests to test web application input validation and handling of unexpected and invalid random data. Test thousands of input parameters with the easy to use rule builder of the HTTP Fuzzer. Tests that would have taken days to perform manually can now be done in minutes.

Script your own custom web vulnerability attacks with the WVS Scripting tool. Scripting SDK documentation is available from the website.

Blind SQL Injector – An automated database data extraction tool that is ideal for penetration testers who wish to make further tests manually.

Many more advanced features:

Scanning profiles to easily scan websites with different scan options and identities.

Custom report generator.

Compare scans and find differences with previous scans.

Easily re-audit web site changes with rescan functionality.

Support for CAPTCHA, Single Sign-On and Two Factor authentication mechanisms.

Detects popular web applications (e.g. forums, shopping carts) and detects vulnerable versions.

Detects directories with weak permissions and whether dangerous HTTP methods are enabled.

Generates a list of uncommon HTTP responses such as internal server error, HTTP 500, etc.

Customize list of false positives.