Overview of Report Policies in Acunetix 360

A report policy is a list of reporting settings for web security scan results and reports.

This article explains how to view report policies in Acunetix 360.

Overview of Report Policies

When you run a scan, you attach a report policy to it. While the scan policy affects which checks Acunetix 360 will run, the report policy affects your result report. For example, if you changed the severity level of the SQL Injection to the Best Practice severity level, you may miss a critical security issue in your web application.

With a report policy, you can do the following:

  • Specify which detected vulnerabilities Acunetix 360 should report in the Scan Results.
  • Change the Severity level, the visibility, and the classification properties of a vulnerability.

A Custom Report Policy enables you to configure these settings, including how the web security scanner displays its findings in the Acunetix 360 application and in reports. (If you want to enable or disable specific security checks in the actual scan itself, you should configure a Scan Policy instead.)

While you can create your own report policy in line with your requirements, you can also rely on Acunetix 360's built-in Report Policy - the Default Report Policy. It is read-only and is used to provide the default settings for your custom Report Policies. You can clone existing Report Policies or create new ones, and then the new custom report policy is modified to suit your requirements.

For creating your own report policy, refer to Custom Report Policies.

IMPORTANT: When you exclude the SQL Injection vulnerability from a Report Policy and run a report, the scanner will still check if the target web application is vulnerable to this vulnerability. However, if it detects one, it won’t report it in the scan results. With the Report Policy, the SQL Injection is only hidden.
If you later generate a report from the same scan with the Default Report Policy, in which the SQL Injection vulnerability is included, the identified SQL Injection vulnerability will be listed in the report.

Report Policies Fields

This table lists and explains the fields in the New Report Policy window in Acunetix 360.




Enter a name for the Report Policy.


Enter a simple description that will help you remember what it is for.


Select this checkbox to share your Report Policy with other team members.

How to View Report Policies in Acunetix 360

  1. Log in to Acunetix 360.
  2. From the main menu, select Policies > Report Policies.

From this page, you can view, clone, edit, delete, or export to CSV any listed policy. Admin users with permission can manage their team member's Report Policies. This means that if a Report Policy is private but belongs to your team member, you can still view, edit, delete and clone that policy.

« Back to the Acunetix Support Page