I will use it on my host very soon, if you have your own root server, this tool must be part of your administrator toolbox. Joomla! team use it to test the core framework, so we should be on the safe side, unfortunately we are are all using too many plug-ins that may be unsecure.. Here is how a report generated using Acunetix WVS look like (PDF - 1.5MB).
Acunetix Web Vulnerability Scanner automatically scans your web applications / website (shopping carts, forms, dynamic content, etc.) and web services for vulnerabilities such as SQL injection, Blind SQL Injection, Cross site scripting, Google hacking, CRLF Injection & other web attacks. Acunetix crawls and analyzes websites including flash content, AJAX / Web 2.0. Also includes reporting for PCI Compliance, OWASP & more
“Out of the 100,000 websites scanned by Acunetix WVS, 42% were found to be vulnerable to Cross Site Scripting. XSS is extremely dangerous and the number of the attacks is on the rise. Hackers are manipulating these vulnerabilities to steal organizations’ sensitive data. Can you afford to be next?
- Identity theft
- Accessing sensitive or restricted information
- Gaining free access to otherwise paid for content
- Spying on user’s web browsing habits
- Altering browser functionality
- Public defamation of an individual or corporation
- Web application defacement
- Denial of Service attacks