www.acunetix.com Open in urlscan Pro
2606:4700::6812:ae0  Public Scan

Submitted URL: http://bxss.me/
Effective URL: https://www.acunetix.com/vulnerability-scanner/acumonitor-technology/
Submission: On October 22 via manual from MX — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Get a demo Toggle navigation Get a demo
 * Product
 * Why Acunetix?
   * Solutions
     * INDUSTRIES
       * IT & Telecom
       * Government
       * Financial Services
       * Education
       * Healthcare
     * ROLES
       * CTO & CISO
       * Engineering Manager
       * Security Engineer
       * DevSecOps
   * Case Studies
   * Customers
   * Testimonials
 * Pricing
 * About Us
   * Our story
   * In the news
   * Careers
   * Contact
 * Resources
   * Blog
   * Webinars
   * White papers
   * Buyer’s guide
   * Partners
   * Support
 * Get a demo


DETECT OUT-OF-BAND VULNERABILITIES WITH


ACUMONITOR TECHNOLOGY

Get a demo



ACUMONITOR SERVICE – OUT-OF-BAND VULNERABILITY DETECTION

AcuMonitor is a service provided by Acunetix, which allows the scanner to detect
out-of-band vulnerabilities. This service is automatically used by out-of-band
checks and requires no installation or configuration, only simple registration
for on-premises versions.


WHAT ARE THE BENEFITS OF ACUMONITOR?

AcuMonitor increases the scope of vulnerabilities that the Acunetix scanner can
detect. Without AcuMonitor, out-of-band detection is not possible. Also,
vulnerabilities detected with AcuMonitor are never false positives. Here are
some of the vulnerabilities detected by Acunetix with AcuMonitor:

 * Blind server-side XML/SOAP injection
 * Blind XSS (delayed XSS)
 * Host header attack
 * Out-of-band remote code execution (OOB RCE)
 * Out-of-band SQL Injection (OOB SQLi)
 * Email header injection
 * Server-side request forgery (SSRF)
 * XML External Entity injection (XXE)


HOW DOES ACUMONITOR WORK?

During an Acunetix scan, your Acunetix scanner sends payloads to the tested
application. Here is how these payloads work with AcuMonitor:

 * AcuMonitor is a publicly accessible service. It waits for two types of
   connections: connections from your web application after processing an
   Acunetix vulnerability payload and connections from your Acunetix scanner
   (online or on-premise).
 * When Acunetix performs a test for an out-of-band vulnerability, the payload
   is designed to send a specific request to the AcuMonitor service. In the case
   of out-of-band vulnerabilities, this can happen either immediately or with a
   delay and from a different location in the application or from a completely
   different web application.
 * Your Acunetix scanner regularly polls AcuMonitor to check whether the payload
   has reached the service. If it has, it receives details from AcuMonitor, thus
   confirming the out-of-band vulnerability with 100% certainty.


IS ACUMONITOR SECURE?

AcuMonitor is absolutely secure both in terms of data transmission and data
storage.

 * AcuMonitor payloads use TLS whenever possible. This ensures that connections
   to AcuMonitor are encrypted.
 * AcuMonitor does not receive or store enough information to identify the
   source of the vulnerability. The scanner does not send any information about
   the original request to AcuMonitor. To distinguish between tests, AcuMonitor
   uses your unique AcuMonitor ID acquired during registration and random unique
   identifiers generated by Acunetix.
 * Requests made to AcuMonitor are stored for a limited amount of time (maximum
   7 days) and then securely deleted.


RECOMMENDED READING

Learn more about prominent vulnerabilities, keep up with recent product updates,
and catch the latest news from Acunetix.


KNOWLEDGE SHARING

What is SQL Injection

What is Cross-site Scripting

What Are XML External Entity Attacks

What is Insecure Deserialization


POPULAR POSTS

SQL Injection Example

Preventing SQL Injection in PHP

TLS/SSL Cipher Hardening

Defending Against CSRF Attacks


IN THE NEWS

Complimentary licenses – COVID-19

Interview with Acunetix President & COO

Innovations in Acunetix v13

Network scans now fully available

“We use Acunetix as part of our Security in the SDLC and to test code in DEV and
SIT before being promoted to Production.”

Kurt Zanzi, Xerox CA-MMIS Information Securtiy Office, Xerox


TAKE ACTION AND DISCOVER YOUR VULNERABILITIES

Get a demo

PRODUCT INFORMATION


 * AcuSensor Technology
 * AcuMonitor Technology
 * Acunetix Integrations
 * Vulnerability Scanner
 * Support Plans

USE CASES


 * Penetration Testing Software
 * Website Security Scanner
 * External Vulnerability Scanner
 * Web Application Security
 * Vulnerability Management Software

WEBSITE SECURITY


 * Cross-site Scripting
 * SQL Injection
 * Reflected XSS
 * CSRF Attacks
 * Directory Traversal

LEARN MORE


 * White Papers
 * TLS Security
 * WordPress Security
 * Web Service Security
 * Prevent SQL Injection

COMPANY


 * About Us
 * Customers
 * Become a Partner
 * Careers
 * Contact

DOCUMENTATION


 * Case Studies
 * Support
 * Videos
 * Vulnerability Index
 * Webinars

 * Login
 * Invicti Subscription Services Agreement
 * Privacy Policy
 * Terms of Use
 * Sitemap

 * Find us on Facebook
 * Follow us on Twiter
 * Follow us on LinkedIn

© Acunetix 2024, by Invicti