What is Acunetix 360?

Acunetix 360 is an automated, yet fully configurable, online web application security scanner that enables you to scan websites, web applications and web services, and identify security flaws. Acunetix 360 can scan all types of web applications, regardless of the platform or the language with which they are built.

Acunetix 360 is the only online web application security scanner that automatically exploits identified vulnerabilities in a read-only and safe way, in order to confirm identified issues. It also presents proof of the vulnerability so you do not need to waste time manually verifying it. For example, in the case of a detected SQL injection vulnerability, it will show the database name as proof of the vulnerability.

Our scanning technology is designed to help you secure web applications easily without any fuss, so you can focus on fixing the reported vulnerabilities. If Acunetix 360 cannot automatically confirm a vulnerability, it will inform you about it by prefixing it with '[Possible]', and assigning a Certainty value, so you know what should be fixed immediately.

Key Concepts

This is a list of key concepts in Acunetix 360.



Highly accurate

Acunetix 360 produces highly accurate web application security scans, whose vulnerabilities are verified, proving that they are not false positives.

Proof of Exploit

Our technology actively and automatically verifies detected vulnerabilities, confirming that they are real and not false positives, by exploiting them in a read-only and safe manner. Depending on the type of vulnerability, Acunetix 360 will generate proof. Some vulnerabilities also allow you to exploit them manually or generate a Proof of Concept (see below).

It's completely safe. For example, when exploiting a SQL injection vulnerability and generating a proof of exploit for it, the scanners will only try to read data from the database, not write or delete data from the database.

A proof of exploit is used to report the data that can be extracted from the vulnerable target once the vulnerability is exploited, demonstrating the impact an exploited vulnerability can have and proving that it is not a false positive. This is what it looks like in the case of an SQL Injection vulnerability, as reported in Acunetix 360.

The Acunetix 360 scanner can generate a proof when they identify the following vulnerability types:

  • SQL Injection
  • Boolean SQL Injection
  • Blind SQL Injection
  • Command Injection
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Remote Code Evaluation
  • Remote Code Execution via Local File Inclusion

If Acunetix 360 is unable to automatically prove the vulnerability exists, you will be advised so that you can double-check its findings.

Proof of Concept

Acunetix 360 identifies vulnerabilities, then it safely exploits them during the web vulnerability scan. This Proof of Concept is the actual exploit that proves that the vulnerability exists. Manual verification is unnecessary.  And, it's useful if you need to reproduce the vulnerability for a developer.

This is what an XSS vulnerability report looks like, where the Proof URL is what Acunetix 360 uses to exploit the vulnerability.


A vulnerability is a security weakness in your website or web application that provides an opening for malicious hackers to gain access, get access to data or exploit for illegitimate or illegal purposes.


An Issue is the name, type, date and other details of any detected vulnerability.


Each vulnerability is assigned a different severity or threat level according to the damage it could do and the urgency with which it requires fixing.

Scan Policies

Acunetix 360 allows you to use Scan Policies in order to determine and specify the type, range, and targets of your scan according to your needs.

Scheduled Scans

Scans can be launched immediately or they can be scheduled for times when it best suits you, including at regular intervals.


Acunetix 360 integrates with a wide range of software and tools that enable you to connect with your existing SDLC, including vulnerability management systems, issue tracking systems, continuous integration systems, single sign-on providers, team messaging systems, and web application firewalls.

Benefits of the Proof of Exploit Feature

Here are some of the key benefits:

  • Users can be sure that detected vulnerabilities reported by Acunetix 360 defects are real, and not false positives because each report comes with proof of the exploit.
  • The exploitation of vulnerabilities is totally safe and read-only, with no data written into or deleted from your database.
  • Development teams can rely on the information you provide since the vulnerabilities and issues have proof, contain detailed remediation information, and are prioritized.
  • You do not have to spend time manually verifying detected vulnerabilities, so you can focus your limited resources on fixing them.
  • You do not have to employ seasoned security professionals since results are automatically confirmed,  and there is no need to know how to reproduce the findings.

Acunetix 360 Features

Acunetix 360 is an online web application security scanner that is available On-Demand and On-Premises.

Acunetix 360 Crawling and Scanning Technology

Thanks to its Proof of Exploit feature, Acunetix 360 actively and automatically verifies detected vulnerabilities, confirming that they are real and not false positives, by exploiting them in a read-only and safe manner and providing absolute proof that a vulnerability exists.

Overview of Acunetix 360 Web Application Security Scanner

Acunetix 360 is a scalable, multi-user online vulnerability scanner with built-in enterprise workflow and testing tools. Because it is a browser-based cloud platform, you do not need to buy, license, install or support hardware or software. You can also launch as many web application security scans as you want within minutes.

Scalability of Service

Scalability is the major benefit of the Acunetix 360 scanner edition, enabling you to scan thousands of websites at once.

Feature Highlight: Website Groups

Acunetix 360 enables you to group websites, configure generic scan settings and launch or schedule a web security scan with a single click.

Keeping Up with the Latest Web Security Threats

Follow our web application security blog and you will notice that we frequently release software updates. In fact, our list of vulnerabilities checks grows daily. Releasing frequent updates ensures that you can scan your web applications against the latest security threats and vulnerabilities. The response time for releasing new security checks is also critical especially when a vulnerability such as Shellshock is discovered and being exploited in the wild.

Acunetix 360 is maintenance-free. We update the service and updates are automatically available.

Team Collaboration

Acunetix 360 is a multi-user environment. Every team member has their own user account and can launch web application security scans, view reports and issues. As an administrator, you can configure different privileges for each user.

Feature Highlight: Vulnerability Management and Tasks

Just like dedicated bug tracking systems, Acunetix 360 enables you to assign identified vulnerabilities as tasks to team members for remediation. This is an essential feature when you are tracking the security of many web applications.

Tasks marked as Fixed are automatically rescanned. Depending on the result, they are either closed or reopened and reassigned.

The vulnerability management system is designed to ensure every user knows what they need to do, and for results and fixes to be checked automatically. You can also integrate your existing bug tracking solution.

Web Application Security Scans in Your SDLC

Acunetix 360 can be easily integrated into your SDLC and Continuous Integration processes.

It has an extensive and well-documented API that you can use to trigger any type of action available in the Acunetix 360 dashboard. In addition, it has native plugins that allow for continuous integration with tools such as TeamCity, Jenkins, Bamboo, GitLab, and Azure that help to expand Acunetix 360’s capabilities.

Keeping Web Applications Secure

Launching a single web application security scan and remediating the identified vulnerabilities can be quite difficult. It is even more demanding to scan all web applications frequently and ensure that detected vulnerabilities are fixed and that the applied fixes do not open new security flaws. This is where Acunetix 360 shines. Its trending and correlated reports are automatically updated each time a website or web application is scanned. This negates the need to manually compare results.

If you operate in a large team and have many websites and web applications to secure, and need supporting tools to ensure collaboration among the team members, Acunetix 360 is recommended.


« Back to the Acunetix Support Page