Released on: September 4, 2007, 7:19 am

Press Release Author: Tamara Naudi

Industry: Software

Press Release Summary: Organizations now able to protect their websites from growing
threat of Cross Site Scripting vulnerabilities

Press Release Body: London, UK - 4 September, 2007 - Acunetix today launched a free
edition of its popular web vulnerability scanner, which allows companies to check
for cross site scripting vulnerabilities in their websites at no charge. The Free
Edition of Acunetix Web Vulnerability Scanner (WVS) is available immediately at
http://www.acunetix.com/cross-site-scripting/scanner.htm.

What is Cross Site Scripting?

Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript,
ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing
the script on his machine in order to gather data. The use of XSS might compromise
private information, manipulate or steal cookies, create requests that can be
mistaken for those of a valid user, or execute malicious code on the end-user
systems. The data is usually formatted as a hyperlink containing malicious content
and which is distributed over any possible means on the internet. Cross site
scripting vulnerabilities are extremely dangerous and the number of the attacks is
on the rise. More information about Cross Site Scripting can be found at
http://www.acunetix.com/websitesecurity/cross-site-scripting.htm

Many a large-scale corporation has fallen prey to Cross Site Scripting, as it is one
of the most common yet underestimated of web attacks. In August 2006, hackers stole
the personal data of nearly 19,000 DSL equipment customers through a vulnerability
in AT&T's online store. Whereas in June 2006, PayPal users were tricked into giving
away social security numbers, credit card details and other highly sensitive
personal information through a cross site scripting vulnerability in the PayPal
website.

A report from Mitre Corp., a US government funded research organization, issued in
September 2006 indicated that Cross-Site scripting ranked first in a list of top
security risks. In a study conducted by Acunetix, 42% of the websites scanned with
Acunetix WVS were found to be vulnerable to Cross Site Scripting.

"Companies don't realize the danger their web sites are under and are therefore
reluctant to invest in web vulnerability scanners. Consequently, security officers
don't have the tools to protect their websites. The free XSS scanner will give
security officers access to a professional cross site scanning tool, that will allow
them to assess their web sites for the cross site scripting danger," said Jonathan
Spiteri, Technical Manager of Acunetix.

Scanning for XSS vulnerabilities with Acunetix WVS Free Edition

To check whether your website has cross site scripting vulnerabilities, download the
Free Edition from http://www.acunetix.com/cross-site-scripting/scanner.htm. This
version will scan any website / web application for XSS vulnerabilities and it will
also reveal all the essential information related to it, such as the vulnerability
location and remediation techniques. Scanning for XSS is normally a quick exercise
(depending on the size of the web-site). A detailed guide how to scan for cross site
scripting vulnerabilities can be found here
http://www.acunetix.com/websitesecurity/xss.htm.

The Free edition also allows you to sample what other threats Acunetix WVS can find
by allowing you to scan the Acunetix test sites for vulnerabilities.

About Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically
checking for SQL injection, Cross site scripting and other vulnerabilities. It
checks password strength on authentication pages and automatically audits shopping
carts, forms, dynamic content and other web applications. As the scan is being
completed, the software produces detailed reports that pinpoint where
vulnerabilities exist. Acunetix WVS Reporting Application allows security alerts to
be presented in a document which abides by the PCI DSS specification.

About Acunetix

Acunetix was founded to combat the alarming rise in web attacks. Its flagship
product, Acunetix Web Vulnerability Scanner, is the result of several years of
development by a team of highly experienced security developers. Acunetix is a
privately held company with headquarters based in Europe (Malta) and an office in
London, UK. For more information about Acunetix, visit: http://www.acunetix.com;
http://www.acunetix.de.

All product and company names herein may be trademarks of their respective owners.

For more information:
Please email Tamara Naudi: tamara@acunetix.com




Web Site: http://www.acunetix.com

Contact Details: Acunetix Ltd
Communications House
26 York Street
W1U 6PZ, London
UK

Tel: (+44) 0845 6126712
Fax: (+44) 0845 6126716
URL: http://www.acunetix.com.