Website security is one that demands the highest priority today. Particularly in a business setting, amidst a global pandemic. Website security tools are one consideration that helps achieve better security standards. But such tools are dime a dozen. Two of these well-known website security service offerings come in the form of Acunetix and Nimbusec. But how do these two services compare with each other? Which one stands out? Here’s a look in detail.

Nimbusec

Nimbusec is a website security solution that came out of a company running servers for hundreds of websites for an Austrian university. As the company states, “Students and associated offices operated a multitude of content management systems that often were hardly ever updated. This led to many successful cyber-attacks, but due to university policy administrators were not allowed to read or write data in user directories.” The result was a solution “that only used public information in conjunction with machine-generated, abstract code behaviour description to detect malware, defacements and blacklisting”.

So what does Nimbusec entail? The company claims 24/7 website monitoring via malware detection, backdoors/web shells detection, blacklisting detection, overdue CMS update detection, and issues over SSL certificates.

Malware Detection

Any good security solution needs a comprehensive malware detection mechanism. Right off the bat, nimbusec offers malware detection as well. This operates via nimbusec’s own nimbusec Shell Ray engine. Additionally, nimbusec is equipped with Ikarus and Avira commercial antivirus engines.

Acunetix also comes with malware detection capabilities. With the level of internet browsing, the average user engages in, it is important to be able to detect suspicious links. Acunetix utilizes Google and Yandex as the basis for this functionality. Thereby, if a website or web application links to malicious content, these get flagged by Acunetix scans.

Acunetix also detects malicious scripts found on web content. Acunetix uses Microsoft Defender (Windows) and ClamAV (Linux) virus scanning engines for its malware detection.

Vulnerability scanning

Vulnerability scanning is a critical component when it comes to web security. Nimbusec checks for insecure configurations in the form of leftover installation files, file permissions, suspicious redirects in .htaccess files, etc. Furthermore, nimbusec detects vulnerabilities found in installed CMS versions as well.

Nimbusec is also equipped with SPAM and web shell detection. As nimbusec states, “The nimbusec server agent runs on your web server and is fully controlled by you. It operates on almost all operating system and provides the intelligence of cloud analysis while maintaining absolute data protection.” Nimbusec further mentions that the company does not use static signatures. Instead, it performs what nimbusec calls “an intelligent source code analysis analysis” on your web servers. Essentially, this allows detection of new malwares and SPAM shells long before signatures exist.

In addition to the above, nimbusec also tracks all your files for any changes and suspicious activity.

But how does Acunetix vulnerability scanning hold up? Acunetix’s side of offering includes a complete web application security testing solution. For instance, Acunetix integrations allow users to integrate tools like Jenkins conveniently. Acunetix also enables the use of third-party issue trackers such as Jira, GitLab, GitHub, TFS, Bugzilla, and Mantis.

In case you didn’t know, Acunetix vulnerability scanning engine is written in C++. This makes it arguably one of the fastest web security tools, which helps in the context of scanning complicated web applications with a lot of JavaScript.

According to Acunetix with SmartScan, its own scanning algorithm, can identify 80% of vulnerabilities within the first 20% of the scan.

Additionally, Acunetix’s vulnerability scanning comes with AcuSensor IAST Technology. In essence, the security offering extends beyond dynamic application security testing to an interactive application security testing form. This works with PHP, Java, and ASP.NET applications.

Acunetix is also equipped with the OpenVAS open-source tool. Simply put, OpenVAS helps you scan your IP address ranges. This lets you find any open ports and network device-related vulnerabilities.

There is more

Malware detection and vulnerability scanning are not all nimbusec and Acunetix has to offer. For instance, Acunetix is also equipped with more additional features in its product offering. Its DeepScan technology crawls HTML5 and JavaScript websites. This DeepScan technology is a DOM parser that works on top of an upgraded Chromium engine. This translates to an emulation of a user’s online behaviour when navigating through websites, including virtual mouse actions.

DeepScan is also capable of recognizing popular JavaScript frameworks such as React, Angular, and Vue. Once identified the crawl changes according to the specific framework. This makes for a more efficient process.

With the Login Sequence Recorder, DeepScan is able to crawl and scan areas that usually require authentication. For example, Single Sign-On authentication, Multi-Factor Authentication, CAPTCHAs, etc.

In addition to DeepScan, Acunetix also has what it calls “AcuMonitor”. The AcuMonitor enables the scanner to detect out-of-band vulnerabilities. What this means is that Acunetix scanner takes a broader coverage when it comes to identifying vulnerabilities. Some of these vulnerabilities include Blind server-side XML/SOAP injection, Server-side request forgery (SSRF), Out-of-band SQL Injection (OOB SQLi), and Out-of-band remote code execution (OOB RCE).

Acunetix also comes with a few additional features. Further to malware detection and vulnerability scanning Acunetix,

  • Validates if your website’s SSL certificate is accepted by all major browsers
  • Checks for content defacement and page deformations
  • Checks if your website is listed on any of the blacklists
  • Enables automatic website shutdowns/redirects
So which is better?

As you can see, both Acunetix and nimbusec offers a comprehensive set of security tools. But looking through the list of features on offer, Acunetix looks to have covered more ground in terms of addressing every possible website security vulnerability. Of course, it is impossible to cover 100% of website security loopholes. But Acunetix comes on top of the two.

If you are still not convinced, that’s fine. But feel free to give us a buzz on info@c-yber.com or call us on (+372) 602 3532.

Acunetix