How to scan for specific vulnerabilities

If you do not need to perform a full scan, you may choose from the list of Scan Types to run against a Target. Scan Types are a logical grouping of tests that test for specific classes of vulnerabilities such as SQL injection or Cross-Site Scripting tests which you can use to reduce the scope of the tests the scanner will run during the scan.

You may either use the default Scan Types, or create your own. The Scan Type to run a scan with may be selected upon launching a new Scan. A single Target may be scanned with several Scan Types, several times. The following are the default Scan Types included with Acunetix.

  • Full Scan – Performs a full and thorough scan that will perform all the tests required for high, medium and low severity web application vulnerabilities
  • High Risk Vulnerabilities – Performs tests against high severity web application vulnerabilities (high impact, easily exploitable)
  • Cross-Site Scripting Vulnerabilities – Performs tests against Cross-site Scripting (XSS) web application vulnerabilities
  • SQL Injection Vulnerabilities – Performs tests against SQL Injection (SQLi) web application vulnerabilities
  • Weak Passwords – Performs tests against weak or default web application passwords
  • Crawl Only – Performs a crawl, which finds all links and inputs within a web application, but does not perform any vulnerability tests

A further two Scan Types are available in Acunetix Online for running Network Scans.

  • Full network scan using safe checks
  • Full network scan that includes invasive checks

Custom Scan Types

While the default Scan Types are enough for most use cases, sometimes you may need to fine-tune exactly which tests Acunetix runs. This can be achieved through custom Scan Types. To create a custom Scan Type, navigate to Settings > Scan Types > New. Scan Types are organized by type of test, and you can also search for specific vulnerability tests which you wish to run.

Custom Scan Types

Share this post

Leave a Reply

Your email address will not be published.