Acunetix Reports

The following is a list of the reports that can be generated from Acunetix Web Vulnerability Scanner (WVS) and Acunetix Online Vulnerability Scanner (OVS):

Affected Items Report

Availability: OVS and WVS

The Affected Items report shows the files and locations where vulnerabilities have been detected during a scan. The report shows the severity of the vulnerability detected, together with other details about how the vulnerability has been detected.

Developer Report

Availability: OVS and WVS          

The Developer Report is targeted to developers who need to work on the website in order to address the vulnerabilities discovered by Acunetix Web Vulnerability Scanner. The report provides information on the files which have a long response time, a list of external links, email addresses, client scripts and external hosts, together with remediation examples and best practice recommendations for fixing the vulnerabilities.

Executive Report

Availability: OVS and WVS

The Executive Report summarizes the vulnerabilities detected in a website and gives a clear overview of the severity level of vulnerabilities found in the website.

Quick Report

Availability: OVS and WVS

The Quick Report provides a detailed listing of all the vulnerabilities discovered during the scan.

Network Security Report

Availability: OVS only

The Network Security Report provides detailed security information about the perimeter network server scanned by Acunetix Online Vulnerability Scanner. This information is very useful for a network security auditor or pen tester who is tasked with analysing the security of the perimeter network.

Compliance Reports

Screenshot – PCI Compliance Report

Compliance Reports are available for the following compliance bodies and standards:

CWE / SANS – Top 25 Most Dangerous Software Errors

Availability: OVS and WVS

This report shows a list of vulnerabilities that have been detected in your website which are listed in the CWE / SANS top 25 most dangerous software errors. These errors are often easy to find and exploit and are dangerous because they will often allow attackers to take over the website or steal data. More information can be found at

The Health Insurance Portability and Accountability Act (HIPAA)

Availability: OVS and WVS

Part of the HIPAA Act defines the policies, procedures and guidelines for maintaining the privacy and security of individually identifiable health information. This report identifies the vulnerabilities that might be infringing these policies. The vulnerabilities are grouped by the sections as defined in the HIPAA Act.

International Standard – ISO 27001

Availability: OVS and WVS

ISO 27001, part of the ISO / IEC 27000 family of standards, formally specifies a management system that is intended to bring information security under explicit management control. This report identifies vulnerabilities which might be in violation of the standard and groups the vulnerabilities by the sections defined in the standard.

NIST Special Publication 800-53

Availability: OVS and WVS

NIST Special Publication 800-53 covers the recommended security controls for the Federal Information Systems and Organizations. Once again, the vulnerabilities identified during a scan are grouped by the categories as defined in the publication.

OWASP Top10 2013

Availability: OVS and WVS

The Open Web Application Security Project (OWASP) is web security project led by an international community of corporations, educational institutions and security researchers. OWASP is renown for its work in web security, specifically through its list of top 10 web security risks to avoid. This report shows which of the detected vulnerabilities are found on the OWASP top 10 vulnerabilities.

Payment Card Industry (PCI) standards

Availability: OVS and WVS

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard, which applies to organizations that handle credit card holder information. This report identifies vulnerabilities which might breach parts of the standard and groups the vulnerabilities by the requirement that has been violated.

Sarbanes Oxley Act

Availability: OVS and WVS

The Sarbanes Oxley Act was enacted to prevent fraudulent financial activities by corporations and top management. Vulnerabilities which are detected during a scan which might lead to a breach in sections of the Act are listed in this report.

DISA STIG Web Security

Availability: OVS and WVS

The Security Technical Implementation Guide (STIG) is a configuration guide for computer software and hardware defined by the Defense Information System Agency (DISA), which part of the United States Department of Defense. This report identifies vulnerabilities which violate sections of STIG and groups the vulnerabilities by the sections of the STIG guide which are being violated.

Web Application Security Consortium (WASC) Threat Classification

Availability: OVS and WVS

The Web Application Security Consortium (WASC) is a non-profit organization made up of an international group of security experts, which has created a threat classification system for web vulnerabilities. This report groups the vulnerabilities identified on your site using the WASC threat classification system.

Scan Comparison Report

Screenshot – Scan Comparison Report

Availability: WVS only

The Scan Comparison Report allows the user to track the changes between two scan results for the same application. This report will highlight resolved, unchanged and new vulnerabilities, making it easy to track development changes affecting the security of your web application.

Monthly Vulnerabilities Report

Availability: WVS only

This statistical report correlates the data from the scans performed in a specific month, and reports on the vulnerabilities identified during that month.


« Back to the Acunetix Support Page