Before Using Acunetix 360

The most important thing that you need to know before using Acunetix 360 is that you must not scan a website without proper authorization from the owner. Scanning a website without this authorization is against the law. Acunetix is not responsible for such actions and cannot be held responsible for potential damage to the target website.

What You Need to Know Before Launching a Web Security Scan

Acunetix 360's advanced web application security scanner attacks web applications in order to automatically detect vulnerabilities such as XSS and SQL Injection. This means that Acunetix 360 scanners have to identify all attack surfaces on the website. To do so, the crawler will navigate through the entire website and submit every form, including comment forms, email contact forms, delete buttons and all other types of inputs it finds in the target web application. In a similar way, Acunetix 360 DeepScan processes JavaScript to identify all attack vectors which can only be triggered from JavaScript.

Preventing Acunetix 360 from Testing Certain Pages

To prevent Acunetix 360 from crawling and testing certain parts or pages of your web applications, specify them in the Excluded Paths option in the Scan Scope tab, as illustrated.

A web security scan consists of two phases: the crawling phase where the crawler browses the entire web application to identify all attack surfaces, and the scanning phase where the scanner starts attacking the website. During both phases, the scanner will send a large number of HTTP requests to the target website. Should the web security scan affect the performance of your website, you can decrease the Scan Speed in the General tab.

For further information, see Exclude Parts of Your Website From a Web Security Scan.
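Because the crawler submits every form it finds, it helps to inventory forms with side effects before the first scan and review them as candidates for Excluded Paths. The following is an added example, not part of Acunetix 360 or its documentation: it parses a page's HTML and lists the paths of POST forms whose action or fields suggest deletion, comments or outgoing email. The keyword list, the sample HTML and the host name are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed keyword list: words hinting that submitting a form has side effects.
SIDE_EFFECT_HINTS = ("delete", "remove", "contact", "comment", "mail", "unsubscribe")

class FormInventory(HTMLParser):
    """Collect every <form> with its method, action path and control names/values."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action means the form posts back to the page itself.
            path = urlparse(urljoin(self.page_url, a.get("action") or "")).path
            self._current = {"path": path, "method": (a.get("method") or "get").lower(), "words": []}
            self.forms.append(self._current)
        elif tag in ("input", "button", "textarea") and self._current is not None:
            self._current["words"] += [a.get(k) or "" for k in ("name", "value", "id")]

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def exclusion_candidates(page_url, html):
    """Return sorted paths of POST forms that look like they change state or send mail."""
    inv = FormInventory(page_url)
    inv.feed(html)
    hits = set()
    for f in inv.forms:
        text = " ".join([f["path"]] + f["words"]).lower()
        if f["method"] == "post" and any(h in text for h in SIDE_EFFECT_HINTS):
            hits.add(f["path"])
    return sorted(hits)

# Constructed sample page, not taken from any real site.
SAMPLE = """
<form action="/search" method="get"><input name="q"></form>
<form action="/contact/send" method="post"><textarea name="message"></textarea></form>
<form action="/admin/items/7" method="post"><button name="op" value="delete">X</button></form>
<form action="/login" method="post"><input name="user"><input name="pass"></form>
"""
```

Calling `exclusion_candidates("https://staging.example.test/", SAMPLE)` flags the contact and delete forms and leaves the search and login forms in scope.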

Recommended Practice

Acunetix 360 scanners are designed to run non-destructive web application security scans. However, we still recommend that you launch web application security scans against pre-production websites when possible, especially at the start. Once you get used to Acunetix 360 and discover the correct configuration for scanning your web applications, you will be more confident scanning an actual production website.

Acunetix 360 Support and Documentation

Professional support is available to all customers and trial users. If you need help, please contact Support at support@acunetix.com.

For detailed product information, see Support.

 
