Both Acunetix Web Vulnerability Scanner and Acunetix Online Vulnerability Scanner provide options for selecting specific types of vulnerability checks to run against your site, such as SQL injection or Cross-Site Scripting checks. This can be done by selecting one of a number of predefined Scanning Profiles. Each Scanning Profile is a logical grouping of scripts that complete a certain task, and therefore each profile checks for specific vulnerabilities.
In Acunetix WVS, Scanning Profiles can be selected from the “Options” stage of the Scan Wizard. You can also create your own customized Scanning Profile, which would include the vulnerability checks of your choice. These Scanning Profiles can then be used to scan multiple websites or web applications. The below procedure explains how you can create different Scanning Profiles:
- Navigate to the Configuration > Scanning Profiles.
- Click the “Create a new profile” button next to the Profile drop down menu and enter a name for the new scanning profile.
- Make sure that the scanning profile is selected in the Profile drop down menu and enable the checks that you want to perform, or disable the ones that you do not want to be done when this profile is used
- Click “Save” next to the “Create a new profile” button to save the changes to the selected scanning profile.
You can remove a scanning profile by simply selecting it and clicking the “Delete current profile” button.
In Acunetix OVS you can select one of a number of predefined Scanning Profiles to run a web scan with. These can be selected when launching or scheduling a scan and include Scanning Profiles for a:
- Full web scan
- CSRF web scan
- High Risk Alerts web scan
- SQL Injection web scan
- Weak Passwords web scan
- Cross Site Scripting (XSS) web scan
A further two options are also provided for network scans. These include options to run a:
- Full network scan using safe checks
- Full network scan that includes invasive checks