The detection of vulnerabilities is the first step to securing your web applications. The vulnerabilities detected need to be managed and eventually fixed. Acunetix provides the means to help you prioritise and manage vulnerabilities.
Screenshot - Vulnerabilities List
The Vulnerabilities page provides a list of all the vulnerabilities detected by Acunetix. By default, the vulnerabilities are sorted by Business Criticality of the target the vulnerability was detected on, and the severity assigned to the vulnerability by Acunetix. This will help you focus on the most important vulnerabilities, without losing sight of the less important ones.
Grouping and Filtering Vulnerabilities
Screenshot - Grouping by Business Criticality
As the amount of vulnerabilities detected increases, the list of vulnerabilities can become cumbersome to manage. For this reason, the vulnerabilities can be grouped or filtered.
Vulnerabilities can be grouped either by Business Criticality or by Vulnerability Type. Grouping by Business Criticality gives priority the vulnerabilities occurring on web applications which are of higher importance to the organisation. Grouping by Vulnerability Type prioritises the vulnerabilities using the severity assigned by Acunetix.
Vulnerabilities can be filtered by Target, Severity, Target’s Business Criticality, Status, CVSS, and Target Group. The list allows for multiple flexible filters, e.g. show all the high severity Vulnerabilities, identified on a specific Target, which are still open.
Screenshot - Filtered vulnerabilities
Vulnerabilities detected by Acunetix remain in the vulnerabilities list until they are marked as not open. You can remove vulnerabilities from the list of open vulnerabilities by marking them as:
Fixed - This status is given to vulnerabilities that are fixed by the developers. If the vulnerability is found again by Acunetix, the vulnerability will be re-opened, and marked as Rediscovered
False Positive - There are situations where a vulnerability is incorrectly detected by Acunetix. The vulnerability will not be reported again in future scans.
Ignored - This status can be used for vulnerabilities which are not False Positives, but which for some reason should be ignored in future scans.
Vulnerabilities marked as False Positives or Ignored can be re-opened manually at any time.