Vulnerability Editor in Acunetix 360
The vulnerability editor in Acunetix 360 lets you modify a vulnerability's details, such as its severity and impacts, based on your needs.
When you run a scan, you attach a report policy to it. The scan policy determines which checks Acunetix 360 runs, while the report policy determines how the results appear in your report. For example, if you changed the severity level of SQL Injection to the Best Practice severity level, you may miss a critical security issue in your web application.
Thanks to the vulnerability editor, you can do the following:
- Modify the severity level of a vulnerability
- Change a vulnerability's order, impact, signature type, etc.
This topic explains the Vulnerability Editor and how to use it to edit vulnerability details according to your needs.
To edit a vulnerability's details in Acunetix 360, you need to create a new report policy or clone the default report policy. For further information, see Custom Report Policies.
Configuring the Vulnerability Editor
You can customize a vulnerability's description, name, severity, etc. based on your needs. For example, you may regard a certain vulnerability's severity as Low while others may regard its severity as High.
Vulnerability Editor fields
This table lists and explains the fields in the Vulnerability Editor.
This is the name of the vulnerability.
This is the type of vulnerability. It is read-only.
This is the importance of the vulnerability. The drop-down options are:
For further information, see Vulnerability Severity Levels.
This determines how Acunetix 360 reports identified vulnerabilities. The drop-down options are:
This is the priority Acunetix 360 uses to order the identified vulnerabilities in the list. The drop-down options are:
This is the impact of the vulnerability. You can choose one or more built-in impacts for the vulnerability identified by Acunetix 360. The message is displayed in scan reports.
This indicates whether the issue can be retested. For further information, see Managing Issues.
Show Attack Pattern
This determines whether Acunetix 360 displays the attack pattern in the scan reports.
This determines whether the vulnerability is in your custom report. If selected, Acunetix 360 removes the vulnerability from the custom report policy list, so Acunetix 360 does not report this vulnerability.
This determines whether Acunetix 360 runs a security check for a vulnerability. Acunetix 360 checks whether the vulnerability exists in your system only if this is selected.
This indicates that Acunetix 360 can add this vulnerability to the Web Application Firewall Rules report. For further information, see ModSecurity WAF Rules Report and F5 BIG-IP ASM WAF Rules Report.
How to edit vulnerability details with the Vulnerability Editor in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, select Report Policies.
- From the Report Policies page, select a custom policy you want to edit.
- Select the Editor tab.
- Select a vulnerability, then Edit. The Vulnerability Editor dialog is displayed.
- From the Vulnerability Editor dialog, make changes as required and select Save.
Please note that your changes apply only to new scans. To see your changes in reports, you need to run new scans with the custom report policy you edited.