Looking for a particular post or topic? Search here!

Where My Readers Are From

Flag Counter

Who's Reading HFM Life

Monday, October 8, 2007

Free XSS Web Security Tool

Do you know that your company’s website is highly vulnerable to cross site scripting? When I was still working, one of our client’s company’s website was hacked and as a result, they lost some highly confidential data and problems arose one after another resulting from the hack. The company then spent months and huge amounts of money to fix the problems. It is therefore very important that a company’s web application be secured by installing a web vulnerability scanner that allows the company to check for cross site scripting vulnerabilities. If your company does not have one yet, you can now Download Your Free Acunetix XSS Scanner from Acunetix.com. Check them out today and protect your company’s web applications from being hacked.





Press Release :

What is Cross Site Scripting?
Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet. Cross site scripting vulnerabilities are extremely dangerous and the number of the attacks is on the rise. More information about Cross Site Scripting can be found at http://www.acunetix.com/websitesecurity/cross-site-scripting.htm

Many a large-scale corporation has fallen prey to Cross Site Scripting (XSS), as it is one of the most common yet underestimated of web attacks. In August 2006, hackers stole the personal data of nearly 19,000 DSL equipment customers through a vulnerability in AT&T’s online store. Whereas in June 2006, PayPal users were tricked into giving away social security numbers, credit card details and other highly sensitive personal information through a cross site scripting vulnerability in the PayPal website.

A report from Mitre Corp., a US government funded research organization, issued in September 2006 indicated that Cross-Site scripting ranked first in a list of top security risks. In a study conducted by Acunetix, 42% of the websites scanned with Acunetix WVS were found to be vulnerable to Cross Site Scripting.

“Companies don’t realize the danger their web sites are under and are therefore reluctant to invest in web vulnerability scanners. Consequently, security officers don’t have the tools to protect their websites. The free XSS scanner will give security officers access to a professional cross site scanning tool, that will allow them to assess their web sites for the cross site scripting danger,” said Jonathan Spiteri, Technical Manager of Acunetix.

Scanning for XSS vulnerabilities with Acunetix WVS Free Edition
To check whether your website has cross site scripting vulnerabilities, download the free edition from http://www.acunetix.com/cross-site-scripting/scanner.htm. This version will scan any website / web application for XSS vulnerabilities and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the web-site). A detailed guide how to scan for cross site scripting vulnerabilities can be found here http://www.acunetix.com/websitesecurity/xss.htm.

The Free Edition also allows you to sample what other threats Acunetix WVS can find by allowing you to scan the Acunetix test sites for vulnerabilities.

About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. Acunetix WVS Reporting Application allows security alerts to be presented in a document which abides by the PCI Compliance specification.

About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta) and an office in London, UK. For more information about Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de/.






No comments: