Acunetix Offers New Security Audit Service

Updated: On-demand audit service will check for security flaws in business Web sites and Web applications.

Internet security company Acunetix is offering customers an extra set of eyes to search for vulnerabilities on their Web sites.

The company launched Acunetix SiteAudit on Nov. 27, a new on-demand Web security audit service. SiteAudit is designed to evaluate business Web site and Web application security, while eliminating the cost of having business owners perform such checks on their own.

"Web vulnerability scanning is a critical issue," said Kevin J. Vella, vice president of sales at Acunetix. Vella called the companys move a "logical step" in providing security services to businesses.

Even a small vulnerability can lead to the theft of sensitive data such as credit card information, and hurt customer confidence in a company, Acunetix officials said.

Recent research has shown Web applications are often the victim of attacks by hackers. A report by the Watchfire Corporation dealing with Web application security estimated that 75 percent of hacking attacks occur over the http:/s protocols, and stated "it is essential that organizations implement strong measures to secure their Web applications."

Watchfire is based in Massachusetts and provides software and services to help ensure the security of Web sites.

Caleb Sima, chief technical officer and co-founder of the Internet security firm S.P.I. Dynamics, said small and midsize businesses are increasingly looking for help to prevent security breaches of their Web applications.

Attacks on Web applications expanded after networks tightened security and the number of businesses on the Internet continued to grow, Sima said.

"The biggest reason is that its basically the last layer of attack for hackers," Sima said. "Its almost the front door to every single company."

S.P.I. specializes in security products and services that support the entire Web application life-cycle, from development to deployment.

Acunetix SiteAudit is performed by the companys Web security experts with Acunetix Web Vulnerability Scanner. The company scans its customers entire Web site and all the customers Web applications—including Javascript/AJAX applications—for security gaps and checks for SQL injections and cross-site scripting.

Acunetix officials said the audit service, which retails at $395, was designed to eliminate costs tied to the installation, administration and maintenance of purchasing and running software.

/zimages/3/28571.gifWeb application attacks dominate IT landscape. Click here to read more.

In addition to performing a thorough Web application scan, Acunetix also offers a complimentary audit of Web and database servers. The service also includes a detailed audit report on the Web site, Web server and database engine and lists any vulnerabilities uncovered.

The company also makes recommendations for fixing those problems.

Company officials said businesses might have neither the in-house expertise to run auditing software effectively nor the money to maintain in-house testing.

"Technology has to be made [financially] accessible to the market," Vella said.

Editors Note: This story was updated to include comments from Caleb Sima, co-founder of S.P.I. Dynamics.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.