Acunetix Online Vulnerability Scanner (OVS) allows you to configure child accounts from within your Acunetix OVS account, thereby delegating some scanning and reporting tasks.
This is a great feature for enterprise administrators who need to delegate the security tasks for the company’s websites and front-end servers to multiple IT administrators or security personnel. A company IT Admin can be given the task of managing their own websites or micro-sites, while the CTO or CSO can keep an eye on the general security of the organisations’ internet-facing resources, all through the Acunetix OVS portal.
IT Security Consultants can also benefit from the multi-user feature. Within their account, consultants can create Scan Target Groups for each customer, and add their customers’ web sites, web applications and other internet facing servers to Acunetix OVS. Scanning of these Scan Targets can be scheduled so as to occur as often as needed by the customer, or as often as required by the contractual obligations with the individual customers.
The rest of this article shows how consultants can configure their customers’ sites in the Acunetix OVS portal.
1. Start by identifying the Scan Targets that your customers need to keep secure.
2. Configure these Scan Targets in your Acunetix OVS account. This can be done from Scan Targets > Add Scan Targets. Each Scan Target will need to be verified for web scans, although network scans only require that your account is verified.
3. Create a Scan Target Group for each customer, and sort the Scan Targets within the Scan Target Groups for each customer.
5. Create a Child Account for each customer who needs to initiate or simply monitor scans on their servers. Select the Scan Target group which contains the servers for that specific customer.
6. There are 3 Child Account Roles that might come in handy for this task. These are:
a) Tech Admin – This role allows the user to add and remove Scan Targets within the group, and to execute scans and create reports on the scans affected.
b) Tester – This role allows the child account to run scans on the scan targets that have been configured.
c) Auditor – This role allows the child account to create reports on the scans performed, however they cannot start any scans.
d) Tester / Auditor – allows the child account to run scans on the scan targets that have been configured, and to generate reports on all scans done on the scan targets within the group.
7. As soon as each user is created, they will receive an email with a confirmation link. When they click on the link, they will be asked to provide a password which they will use to access Acunetix OVS.
8. You can review all the Child Accounts created in your account by going back to the Users screen.
With the introduction of child accounts, IT Consultants can better serve their customers IT Security needs. Acunetix OVS Child Accounts are the best way to allow your customers to review the security of their network. More information on Acunetix OVS child accounts can be found at http://www.acunetix.com/support/docs/ovs/configure-child-accounts/.