Can you afford to pay $500K in fines?

New version 5 of Acunetix Web Vulnerability Scanner ensures companies meet PCI compliancy

(Excerpt from press release)

London, UK – June 11, 2007 – The PCI Compliancy Standard requires any
company that has a website and does business online to ensure that its
website and web applications are secure. Penalties for noncompliance
range from fines of up to $500,000, to increased auditing
requirements or even losing the ability to process credit card
transactions. Acunetix today announced the release of Acunetix Web
Vulnerability Scanner v5 which includes an extensive compliancy
reporting tool amongst others, to aid companies achieve PCI

"PCI compliance, required by September 2007, is not just another
bureaucratic standard to comply with. It’s a standard to protect
consumers and the future of online business, based on real world
needs. To avoid similar cases such as TJX happening again, it is
imperative that companies take all the necessary precautions to
ensure they reach compliancy," announced Nick Galea, CEO of Acunetix.
"Acunetix WVS v5 will check your web site and alert you to any issues
you need to fix. Once fixed, it will create a detailed report which
will allow you to easily prove that you meet these particular PCI

Acunetix WVS v.5 helps meet the following PCI requirements:

  • (Requirement 2.2.4) Remove all unnecessary functionality
  • (Requirement 2.3) Encrypt all non-console administrative access
  • (Requirement 4) Encrypt transmission of cardholder data across open, public networks
  • (Requirement 6) Develop and maintain secure systems and applications
  • (Requirement 6.5.1) Unvalidated Input
  • (Requirement 6.5.2) Broken Access Control
  • (Requirement 6.5.3) Broken Authentication and Session Management
  • (Requirement 6.5.4) Cross Site Scripting (XSS) Flaws
  • (Requirement 6.5.5) Buffer Overflows
  • (Requirement 6.5.6) Injection Flaws
  • (Requirement 6.5.7) Improper Error Handling
  • (Requirement 6.5.8) Insecure Storage
  • (Requirement 6.5.9) Denial of Service
  • (Requirement 6.5.10) Insecure Configuration Management

A PCI Compliance Guide is available here.

Other important new features:

Acunetix Reporter
The Acunetix Reporter is a separate application which provides
centralized control over all reporting and documentation needs. The
Reporter allows single-click reporting capability and features
multiple reporting formats such as vulnerability and developer
reports, compliance (including The Health Insurance Portability and
Accountability Act (HIPAA), OWASP TOP 10 2004, OWASP TOP 10 2007,
Payment Card Industry (PCI), Sarbanes Oxley Act of 2002, Web
Application Security Consortium: Threat Classification), comparison,
and also statistical reports. The Reporter allows reports to be
exported as PDF, RTF, HTML, BMP, and PRN formats.

Web Services Scanner
Many organizations are implementing the Web Services architecture to
increase the availability of information and to improve process
executions of the internet. Web Services, like any other
internet-dependent system, presents new exploit possibilities and increases
the need for security audits. The Web Services Scanner performs
automated vulnerability scans for Web Services and generates detailed
security reports from the results.

Web Services Editor
Allows the importing of an online or local WSDL and the sending of
custom operation inputs over the ServiceSOAP ports. Also includes
in-depth analysis of the WSDL structure, containing parameters in the
XML schema and the various operations over the SOAP service ports.

Subdomain Scanner
Automatically scans a top-level domain to locate any subdomains
configured in its hierarchy by using the target domain’s DNS server,
or by specifying one manually. Any subdomains discovered can be
scanned for vulnerabilities from within the tool itself, or imported
directly into the HTTP Editor for further analysis through custom

Pricing and availability
Acunetix WVS is available in three versions: Small Business Version
(scans 1 nominated website), Enterprise Version (scans unlimited
websites) and Consultant version (scans unlimited third party
websites). Pricing starts at $1995 for a perpetual Small Business
license and $5995 for a perpetual Enterprise license.

About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by
automatically checking for SQL injection, Cross site scripting and
other vulnerabilities. It checks password strength on authentication
pages and automatically audits shopping carts, forms, dynamic content
and other web applications. Acunetix also crawls and analyzes
websites including flash content, SOAP and AJAX. As the scan is being
completed, the software produces detailed reports that pinpoint where
vulnerabilities exist.