About cookies

This site uses cookies. Learn more about the purpose of their use and ability to change settings for cookies in your browser.

Highest Detection Rate

acunetix baner 765

Accurate vulnerability detection lies in the ability to detect anything from the most obvious to the most obscure of vulnerabilities. Acunetix is the industry leader in detecting the largest variety of SQL Injection and XSS vulnerabilities, including Out-of-band SQL Injection and DOM-based XSS as well as 3000 other web vulnerabilities.


In-depth SQL Injection and XSS Vulnerability Testing

Acunetix rigorously tests for thousands of web application vulnerabilities including SQL Injection and XSS. However, when it comes to Dynamic Application Security Testing (DAST), while the number of tests a scanner can run is important, it is secondary to how well it can crawl and scan an application. Acunetix DeepScan Technology:

  • Crawl and scan HTML5 web applications, and execute JavaScript like a real browser.
  • Industry’s highest detection rate for high severity vulnerabilities.
  • Reliably detects advanced DOM-based Cross-site Scripting.
  acunetix 8

Advanced Automated DOM-based XSS Vulnerability Testing

DOM-based XSS is made possible when the web application’s client-side scripts, write user provided data to the Document Object Model (DOM). The data is subsequently read from the DOM by the web application and outputted to the browser. If the data is incorrectly handled, an attacker can inject a payload, which will be stored as part of the DOM and executed when the data is read back from the DOM. This advanced type of XSS is very difficult to detect.

  • Acunetix scans for a wide range of advanced DOM-based XSS vulnerabilities.
  • Reports DOM-based XSS source and evaluation sink.
  • Provides a stack-trace of the injected DOM-based XSS payload.
  acunetix 9

Detection of Blind XSS, XXE, SSRF and Email Header Injection

Traditional methods of detecting vulnerabilities fall short when attempting to detect out-of-band vulnerabilities; that it, detecting vulnerabilities that do not provide a response to a scanner during testing. Detection of out-of-band vulnerabilities requires an intermediary service such as Acunetix AcuMonitor that checks for:

  • Blind XSS and XML External Entity Injection (XXE).
  • Server Side Request Forgery (SSRF) and Host Header Attacks.
  • Email Header Injection and Password Reset Poisoning.
  acunetix 10