Denim Group met with Todd Wedge, the Vice President of Business Development from Acunetix on Friday. Todd was in our office to discuss Denim Group representing Acunetix as a channel partner.
Acunetix develops and markets a security software tool called “Web Vulnerability Scanner.” This tool is much like the tools from SPI Dynamics and Watchfire. These products scan and automatically analyze web applications for common application vulnerabilities. In addition, they can test for common server misconfigurations (such as leaving FrontPage extensions enabled) and for unnoticed accidents such as backup files left on the live web server.
Denim Group has had good luck with these tools. They are good at finding a specific set of vulnerabilities that would be hard for a consultant to find by hand because of the sheer number of places that person would need to check and the number of things to look for. The tools automate this process and can “brute force” their way through the thousands of files that need to be examined.
WARNING: These tools are not a replacement for human analysis. It is really important to understand that these tools cannot find many common web application security vulnerabilities because these issues are too subtle for a piece of software to detect. Running a tool is no substitute for a Web Application Security Assessment.