Acunetix Ltd.
http://www.acunetix.com
E-mail: info@acunetix.com
Information in this document is subject to change without notice. Companies,
names, and data used in examples herein are fictitious unless otherwise
noted. No part of this document may be reproduced or transmitted in any
form or by any means, electronic or mechanical, for any purpose, without the
express written permission of Acunetix Ltd.
Acunetix WVS is copyright of Acunetix Ltd. 2004–2009.
Acunetix Ltd. All rights reserved.
Document version 6.5
Last updated 27th July 2009.
1. Introduction to Acunetix Web Vulnerability
Scanner
Why You Need To Secure Your Web Applications
Website security is possibly today's most overlooked aspect of securing the enterprise and should be a priority in any organization. Increasingly, hackers are concentrating their efforts on web-based applications – shopping carts, forms, login pages, dynamic content, etc.
Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the attacked sites. A victim’s website can be used to launch criminal activities such as hosting phishing sites or to transfer illicit content, while abusing the website’s bandwidth and making its owner liable for these unlawful acts. Hackers already have a wide repertoire of attacks that they regularly launch
against organizations including SQL Injection, Cross Site Scripting, Directory Traversal Attacks, Parameter
Acunetix 有限公司 http://www.acunetix.com 电子邮件: info@acunetix.com 本文档中的信息如有更改,恕不另行通知。公司、 名称和本示例中使用的数据都是虚构的除非另有说明的。可能要转载本文档的任何部分,或将其传送以任何形式或以任何方式,电子或机械的情况下,出于任何目的,Acunetix 有限公司的明确书面许可Acunetix WVS 是 Acunetix 有限公司 2004 的版权。Acunetix 有限公司保留的所有权利。文档版本 6.5 最后更新于 2009 年 7 月 27。
1.Acunetix Web 漏洞扫描程序简介
为什么您需要保护您的 Web 应用程序
网站安全可能是当今最容易被忽视的方面加强企业的安全,并应在任何组织中的一个优先事项。越来越多,***正集中努力基于 web 的应用程序 — — 购物车、 窗体、 登录页面、 动态内容、 等。7 从任何位置访问 24 世界,不安全的 web 应用程序提供易于访问后端企业数据库和还允许进行非法活动,使用受***的网站的***。受害者的网站,可进行犯罪活动如托管网络钓鱼站点,或同时滥用网站的带宽传输非法的内容,并使其所有者负责这些非法行为。***已经有广泛的曲目,他们定期推出针对组织包括参数目录遍历***、 跨站点脚本编写 SQL 注入***的
转载于:https://blog.51cto.com/chinawl/529034