Before Using Acunetix 360
The most important thing that you need to know before using Acunetix 360 is that you must not scan a website without proper authorization from the owner. Scanning a website without this authorization is against the law. Acunetix 360 is not responsible for such actions and cannot be held responsible for potential damage to the target website.
What You Need to Know Before Launching a Web Security Scan
Acunetix 360 is a web application security scanner that uses Proof-Based ScanningTM technology to attack web applications in order to automatically detect vulnerabilities such as XSS and SQL Injection. This means that the Acunetix 360 scanner has to identify all attack surfaces on the website. To do so, the crawler will navigate through the entire website and submit every form, including comment forms, email contact forms, delete buttons and all other types of inputs it finds in the target web application.
Preventing Acunetix 360 from Testing Certain Pages
To prevent Acunetix 360 from crawling and testing certain parts or pages on your website applications, you must specify them in the Exclude URLs with RegEx option in Scan Options, as illustrated.
A web security scan consists of two phases: the crawling phase where the crawler browses the entire web application to identify all attack surfaces, and the scanning phase where the scanner starts attacking the website. During both phases, the scanner will send a large number of HTTP requests to the target website. Should the web security scan affect the performance of your website, you can decrease the number of concurrent connections in the Scan Policy.
For further information, see Excluding Parts of a Website From a Scan, Excluding File Types From a Scan and Excluding Parameters from a Scan.
You can also reduce the number of concurrent connections during a scan (see How Can You Improve Scan Results?).
The Acunetix 360 scanner is designed to run non-destructive web application security scans. However, we still recommend that you launch a web application security scan against pre-production websites when possible, especially at the start. Once you get used to Acunetix 360, and discover the correct configuration for scanning your web applications, you will be more confident scanning an actual production website.
Acunetix Support and Documentation
Professional support is available to all customers and trial users. If you need help, please contact Support at email@example.com.
For detailed product information, see Support.