Review Scan Results
Screenshot - Scan List
Once the scan has finished, Acunetix will send you an email with a summary of the results and a link allowing you to access the scan results directly. The scan results show the start and end date of the scan, the duration of the scan and all the alerts that have been identified during the scan. The AcuSensor logo is also displayed when the scan detects and makes use of AcuSensor during a web scan.
The scan results consists of 4 sections:
- Scan Stats & Info - this provides an overview of the Target as detected by the scan, and information about the Scan, such as scan duration, average response time and the number of files scanned.
- Vulnerabilities - This is the list of vulnerabilities detected ordered by severity.
Screenshot - List of Vulnerabilities detected by a scan
- Site Structure - You can use the site structure to ensure that Acunetix has covered all the site, and to identify vulnerabilities affecting a specific file or folder of the site scanned.
Screenshot - Site Structure
- Events - A list of events related to scan. This will show when the scan started and finished, and if any errors have been encountered during the scan.
Alerts (vulnerabilities) discovered
One of the key components of the scan results is the list of all vulnerabilities found in the scan target during the scan. Depending on the type of scan, these can be either Web Alerts or Network Alerts, and the alerts are categorized according to 4 severity levels:
High Risk Alert Level 3 – Vulnerabilities categorized as the most dangerous, which put the scan target at maximum risk for hacking and data theft.
Medium Risk Alert Level 2 – Vulnerabilities caused by server misconfiguration and site-coding flaws, which facilitate server disruption and intrusion.
Low Risk Alert Level 1 – Vulnerabilities derived from lack of encryption of data traffic or directory path disclosures.
Informational Alert – These are items which have been discovered during a scan and which are deemed to be of interest, e.g. the possible disclosure of an internal IP address or email address, or matching a search string found in the Google Hacking Database, or information on a service that has been discovered during the scan.
Depending on the type of vulnerability, additional information about the vulnerability is shown when you click on an alert category node:
- Vulnerability description - A description of the discovered vulnerability.
- Affected items - The list of files or components which are affected by the alert.
- The impact of this vulnerability – Level of impact on the website, web server or perimeter server if this vulnerability is exploited.
- Attack details - Details about the parameters and variables used to test for this vulnerability. E.g. for a Cross Site Scripting alert, the name of the exploited input variable and the string it was set to will be displayed. You can also find the HTTP request sent to the web server and the response sent back by the web server (including the HTML response).
- How to fix this vulnerability - Guidance on how to fix the vulnerability.
- Classification - Apart from the Acunetix classification, this section provides classification by CVSS (v2 and v3) score and CWE enumeration id.
- Detailed information - More information on what is causing the reported vulnerability, with examples where applicable.
- Web references - A list of web links to external sources providing more information on the vulnerability to help you understand and fix it.
Grouping of Vulnerabilities
Screenshot – Grouping of vulnerabilities
The list of vulnerabilities detected can be grouped by the vulnerability type. If the same type of vulnerability is detected on multiple pages, the scanner will group them under one alert node. Clicking on one of the vulnerabilities will filter the list to show only the instances for the specific vulnerability.
Vulnerabilities Detected by AcuMonitor
An Acunetix scan makes use of AcuMonitor to detect certain vulnerabilities such as Blind XSS, Email Header Injection, and certain types of SSRF, XXE and Host Header Attacks. AcuMonitor can only detect some of these vulnerabilities after the scan has finished. When this happens, AcuMonitor will update the scan results with the new vulnerabilities detected and you will receive an email notifying you that the scan results have been updated. More information on AcuMontor can be found at http://www.acunetix.com/vulnerability-scanner/acumonitor-blind-xss-detection/.
Exporting Scan Results to WAFs
The detection of vulnerabilities on a web application is the first step. Ideally these vulnerabilities are fixed as soon as possible, however experience shows that this is not always the case. In this case, it is ideal if the risk that vulnerabilities create is mitigated.
An Acunetix scan can be exported to a format supported by the most popular Web Application Firewalls (WAFs), including:
- F5 Big-IP Application Security Manager (ASM)
- Imperva SecureSphere WAF
- Fortinet Fortiweb
- Generic XML export