Acunetix provides a list of commonly used Scan Types which you can use to reduce the scope of the tests the scanner will run during the scan. If you do not need to perform a full scan, you may choose from the list of Scan Types to run against a Target, such as SQL injection or Cross-Site Scripting tests.
This can be done by selecting one of the predefined Scanning Types. Each Scan Type is a logical grouping of tests that test for specific classes of vulnerabilities.
The Scan Type may be set upon launching a new Scan. A single Target may be scanned with more than one Scan Type. Scan Types included with Acunetix (on-premises) are as follows.
- Full Scan – Performs a full and thorough scan that will perform all the checks required for high, medium and low severity vulnerabilities.
- High Risk Vulnerabilities – Performs checks regarding what are considered high risk issues on your web application (vulnerabilities that can be exploited easily and have the highest impact).
- Cross-Site Scripting Vulnerabilities – The scan type will check specifically for XSS vulnerabilities.
- SQL Injection Vulnerabilities – Scans for vulnerabilities that can potentially be exploited using SQL Injection.
- Weak Passwords – Scans for weak or default passwords on web applications.
- Crawl Only – Will not perform any scans on the web application but will find all the links and buttons available. Results in a tree structure of the web application being crawled.
In Acunetix Online, ‘Scan Types’ are referred to as ‘Scanning Profiles’. A Scanning Profile may be set upon launching a new Scan. A single Target may be scanned with more than one Scanning Profile. Scanning Profiles included with Acunetix Online are as follows.
- Full web scan
- CSRF web scan
- High Risk Alerts web scan
- SQL Injection web scan
- Weak Passwords web scan
- Cross Site Scripting (XSS) web scan
A further two options are also provided for network scans. These include options to run a:
- Full network scan using safe checks
- Full network scan that includes invasive checks