Acunetix Online has undergone a mammoth update, now enjoying all the features and benefits found in Acunetix On Premise, including: Integrated vulnerability management, greater manageability of threats and targets and the integration of popular WAFs and Issue Tracking systems. Acunetix Online also features a brand new UI for greater ease-of-use and manageability.
New web-based user interface
The user interface has been re-designed with a fresh new look, bringing it inline with Acunetix On Premise. The Acunetix Online UI is designed to make it easier for customers to use, by focusing on the core functionality of the product, introducing filtering options, and improving manageability of Targets.
- All lists can be filtered (Targets, Scans, Vulnerabilities and Reports).
- Increased configuration options (Excluded Hours, Excluded Paths, custom User Agent strings, client certificates and more).
- Pre-seed crawls using a list of URLs, Acunetix Sniffer Log, Fiddler SAZ files, Burp Suite saved and state files, and HTTP Archive (HAR) files.
Targets and Vulnerabilities configured by business criticality
Business Criticality can now be assigned to Targets, enabling customers to immediately identify and address vulnerabilities on critical servers.
- Vulnerabilities identified on all Targets are shown in one list
- Vulnerability list can be filtered by Target, Business Criticality, Vulnerability, Vulnerability Status and CVSS.
- Vulnerability can be grouped by Target Business Criticality and Vulnerability Severity.
Integration with popular WAFs and Issue Tracking Systems
Vulnerabilities can now be exported to one of the supported WAFs (F5 Big-IP ASM, Fortinet FortiWeb and Imperva SecureSphere). This allows the user to implement a virtual patch in the WAF, until a fix addressing the vulnerability is installed. Scan results can also be exported to the Acunetix generic XML for integration with other WAFs or 3rd party systems.
Acunetix Online also supports exporting vulnerabilities to either Atlassian JIRA, GitHub or Microsoft Team Foundation Server (TFS), allowing development teams to better keep track of vulnerabilities in their issue tracking systems.
Mark Vulnerabilities as Fixed or False Positives
With the ability to mark vulnerabilities as False Positive, Fixed or Ignored, users can now get rid of false positives from upcoming scans and reports. While any fixed vulnerabilities that are identified by Acunetix will be shown as Rediscovered. The user is given the option of accepting the risk of a vulnerability by marking the vulnerability as Ignored.
Custom Scan Types
Apart from using the default Scan Types included in Acunetix, Acunetix Online users are now able to choose which specific vulnerabilities to scan for. This is made possible through the creation of Custom Scan Types. For example, a Custom Scan Type can be created to scan Targets for a recently discovered vulnerability.
Acunetix Online now allows reports to be generated on:
- Individual or multiple Scans,
- Individual or multiple Targets,
- Individual, multiple or all the Vulnerabilities identified by Acunetix.
There is also the introduction of a Scan Comparison report which highlights the differences between 2 scans, allowing the user to easily identify the new vulnerabilities in the latest scans, or the vulnerabilities that have not been detected, which could mean that they are fixed. Reports are now available in both PDF and HTML.
Network Security Scanning
Acunetix Online provides a comprehensive perimeter network security scanning service by integrating with the latest OpenVAS network vulnerability scanning engine (v9). Acunetix Online can now detect in excess of 50,000 network vulnerabilities.
Added functionality for Acunetix Integrators
Acunetix have added a new API that may be used by system integrators, exposing all the functionality available in Acunetix. The API is able to provide up-to-the-minute status of on-going scans together with information on vulnerabilities identified for these scans.