Launching Scans

NOTE: DO NOT SCAN A WEBSITE WITHOUT PROPER AUTHORIZATION!

The web server logs will show your IP address and all the attacks made by Acunetix. If you are not the sole administrator of the website or web application, please make sure to warn other administrators before performing a scan. Some scans might cause a website to crash, requiring a restart of the website.

After configuring your Targets, you are ready to launch Scans and start identifying any vulnerabilities that exist in the web applications. There are multiple ways to start a Scan, which include:

  1. From the Targets list, select the Targets to scan, and click the Scan button.

    Screenshot - Select Target and click Scan

  2. From within the Target’s settings, click the Scan Now button.

    Screenshot - Select Target and click Scan

  3. From the Scans page, click on New Scan. You will be asked to select the Targets to Scan.

After choosing the Target(s) to scan, configure the scan options to be used for the Scan.

Screenshot - Choose scanning options

  • Scan Type - Choose between Full Scan or a scanning profile which will scan for specific vulnerabilities, such as High Risk Vulnerabilities only. The Scan Types are described below.
  • Report - You can request that a report be generated automatically after the scan is completed. The Reports section explains each report in more detail.
  • Schedule - Select whether the scan should start instantly or be scheduled for a future date / time. You can also configure a recurrent scan.

Scan Types

A Scan Type is a logical grouping of checks that Acunetix performs to scan for a specific category of vulnerabilities (such as Cross-Site Scripting, SQL Injection, etc.). Below is a list of the scanning types available in Acunetix, with a short description of each:

  • Full Scan - Use the Full Scan profile to launch a scan using all the checks available in Acunetix.
  • High Risk Vulnerabilities - The High Risk Alerts scanning profile will only check for the most dangerous web vulnerabilities.
  • Cross-Site Scripting (XSS) - The XSS scanning profile will only check for Cross-Site Scripting vulnerabilities.
  • SQL Injection - The SQL Injection scanning profile will only check for SQL Injection vulnerabilities.
  • Weak Passwords - The Weak Passwords scanning profile will identify forms which accept a username and password and will attack these forms.
  • Crawl Only - The Crawl Only scan will only crawl the site and build the structure of the site without running any vulnerability checks.

Continuous Scanning

After running the initial scan, identifying and fixing the vulnerabilities detected, and making sure that your Targets do not contain vulnerabilities, you need to ensure that they remain secure. Enable Continuous Scanning on a Target to have Acunetix scan the Target on a daily basis and report back any new vulnerabilities immediately. New vulnerabilities can be introduced by web developers making updates to the site or by administrators making changes to the web server’s configuration. In addition, Acunetix is often updated to detect new vulnerabilities.

Continuous Scanning performs a full scan once a week. This scan is augmented by a daily quick scan, which only scans for critical vulnerabilities. Continuous scans update the vulnerabilities for the Target, and these can be accessed from the Vulnerabilities page. You will be notified by email and in the notification area when new vulnerabilities are identified.

 

 
