Create a New Scan

Acunetix 360 enables you to begin scanning web applications immediately, by selecting the default scan settings.

However, there are multiple, customizable scan options available. Each option is explained in the following sections.

For further details, see Acunetix 360 Assistant, Overview of Scanning, Overview of Scan Policies, and Scheduling Scans.

How to Scan a Target in Acunetix 360

Before scanning your first target in Acunetix 360, make sure you have added a target (Add a Target in Acunetix 360).

  1. From the sidebar, click Scans, then New Scan.
  2. In the Target URL field, enter the URL.
  3. Complete the remainder of the fields, as described in Acunetix 360 New Scan Fields and Acunetix 360 Scan Options Fields.
  4. Click Launch.

How to Run a Group Scan in Acunetix 360

  1. From the sidebar, click Scans, then New Group Scan. The New Group Scan page is displayed.
  2. From the Target Group dropdown, select the target group you want to scan.
  3. Complete the remainder of the fields, as described in How to Scan a Target in Acunetix 360.
  4. Click Launch.

You can also launch Group Scans from the Manage Groups page (click Scan).

How to Run a Retest in Acunetix 360

  1. From the sidebar, click Scans, then Recent Scans. The Recent Scans page is displayed.
  2. Next to the scan for which you want to run a Retest, click the Scan dropdown, and select Retest. The Retest Scan page is displayed.
  3. Click Launch.

How to Run Bulk Operations on a Scan in Acunetix 360

  1. From the sidebar, click Scans, then Recent Scans. The Recent Scans page is displayed.
  2. Next to the scans for which you want to run a bulk operation, click the checkbox.
  3. Click the Bulk dropdown, and select the bulk operation you want.
  4. A dialog is displayed asking you to confirm your choice.
  5. Click Delete, Cancel or Pause as required.

Acunetix 360 New Scan Fields

This table lists and explains the fields in the New Scan page.

Field

Description

Target URL

This is the Target URL of the website, including the path. The Target URL needs to be pre-configured for a Target. When you click the field, it displays the available Target URLs. Start typing in the Target URL field to filter the list accordingly.

Scan Profile

This is the Scan Profile.

For further information, see Configure Scan Profiles.

Acunetix 360 Scan Options Fields

This section lists and explains the fields in the Scan Options section.

General

In this tab, you can configure the basic scanning options.

Field

Description

Scan Policy

The Scan Policy defines which security tests will be performed.

For further information, see Overview of Scan Policies and Scan Policies and the Scan Policy Editor.

User Agent

This indicates the choice of user agent to be used during the scan. You can either configure a custom User-Agent or choose one of the predefined User-Agents for well-known browsers:

  • Google Chrome
  • Internet Explorer 11
  • Firefox
  • Opera
  • Safari
  • iPhone with iOS 6
  • Webkit on Android 4.0.3

Scan Speed

This indicates the scan speed. The options are:

  • Slower (1 Concurrent Request, 0 ms Request Delay)
  • Slow (2 Concurrent Requests, 250 ms Request Delay)
  • Moderate (5 Concurrent Requests, 250 ms Request Delay)
  • Fast (10 Concurrent Requests, 0 ms Request Delay)

Generate Diagnostic Data

Enable this option to troubleshoot the scanning done on a specific target. The progress of the scan is logged, including any problems that are encountered.

Maximum Vulnerability Threshold

This slider indicates the maximum number of vulnerabilities of the same vulnerability type that will be reported.

Scan Scope

In this tab, you can configure the options which affect the Scan Scope.

Field

Description

Case Sensitive Paths

Select to determine whether Acunetix 360 should take into consideration the case used in the paths during the scan.

The options are:

  • Auto
  • Yes
  • No

Limit crawling to address and sub-directories only 

Use this option to configure the scope of the scan to the address and sub-directories of the specified address. To limit the scan scope to a sub-directory, the address of the Target needs to end in a /. E.g. http://www.domain.local/blog/ will scan only under the /blog/ path.

Excluded Paths

Scans can be configured to not visit and test URLs that match any of the listed regular expressions.

For further information, see Configure the Scan Scope.
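
The following Python code is an added example, not part of the Acunetix documentation or product. It previews how a URL list would be split by the three Scan Scope fields above before a scan is launched. The function names, sample URLs and exclusion patterns are constructed, and the matching rules (a target path without a trailing / is scoped to its parent directory; exclusion patterns are searched anywhere in the full URL) are assumptions about the scanner's behaviour.

```python
import re
from urllib.parse import urlsplit

def scope_prefix(target_url):
    """Directory the crawl is limited to (assumed rule, see lead-in)."""
    parts = urlsplit(target_url)
    path = parts.path or "/"
    if not path.endswith("/"):
        # Assumption: a last segment without "/" is treated as a file,
        # so the scope falls back to its parent directory.
        path = path.rsplit("/", 1)[0] + "/"
    return parts.scheme.lower(), parts.netloc.lower(), path

def classify(url, target_url, excluded_patterns, case_sensitive=True):
    """Return 'scan', 'out-of-scope' or 'excluded' for one URL."""
    scheme, host, prefix = scope_prefix(target_url)
    parts = urlsplit(url)
    path = parts.path or "/"
    if not case_sensitive:
        path, prefix = path.lower(), prefix.lower()
    if (parts.scheme.lower(), parts.netloc.lower()) != (scheme, host):
        return "out-of-scope"
    if not path.startswith(prefix):
        return "out-of-scope"
    flags = 0 if case_sensitive else re.IGNORECASE
    for pattern in excluded_patterns:
        # Assumption: patterns are searched anywhere in the full URL.
        if re.search(pattern, url, flags):
            return "excluded"
    return "scan"

# Constructed sample data, not taken from a real scan.
TARGET = "http://www.domain.local/blog/"
EXCLUDED = [r"/logout", r"[?&]action=delete"]
URLS = [
    "http://www.domain.local/blog/post/1",
    "http://www.domain.local/blog/logout",
    "http://www.domain.local/blog/post/1?action=delete",
    "http://www.domain.local/shop/cart",
    "http://www.domain.local/Blog/post/2",
]

def preview(case_sensitive=True):
    return {u: classify(u, TARGET, EXCLUDED, case_sensitive) for u in URLS}

if __name__ == "__main__":
    for url, verdict in preview().items():
        print(f"{verdict:13} {url}")
```

Running the preview with case_sensitive=False shows how the Case Sensitive Paths setting changes which URLs fall under /blog/.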

Import Files

In this tab, you can add any files to be imported by the crawler at the start of the scan.

Field

Description

Add File

Click to upload a file containing a list of URLs.

Accepted formats include text file with a list of URLs (.txt), Fiddler (.saz), Swagger (.json, .yaml or .yml), .WSDL, BURP saved (.xml) and state files, Selenium (.html, .side) or .HAR files.

For further information, see Import Files.

Form Authentication

In this tab, you can configure Form Authentication options.

Field

Description

None

Select to indicate that no form authentication is required for the target website. This is the default.

Auto-Login

Select to indicate that the site requires authentication. Acunetix will try to automatically detect the login form, and use the credentials provided to log in to the site during the scan. This can be used for most web applications; however, you should monitor the Site Structure to ensure that the restricted areas have been scanned.

If the site uses a complex authentication system, and Acunetix does not manage to locate the login page, you can use the Pre-Recorded Login Sequence option to manually record the login actions.

Pre-Recorded Login Sequence

Select to indicate that authentication, with a script, is required for the target website.

You will need to download and install the Login Sequence Recorder on a Windows machine. Record the login sequence, then click Browse and select the script file to upload.

For further information, see VIDEO: Acunetix Login Sequence Recorder.

HTTP Authentication

In this tab, you can configure NTLM/Kerberos, Basic or Digest authentication. Acunetix will automatically detect the type of authentication supported by the server.

Field

Description

Username

Enter the username to be used for HTTP Authentication.

Password

Enter the password to be used for HTTP Authentication.

Retype Password

Re-enter the password to be used for HTTP Authentication.

Proxy Server

In this tab, you can configure Proxy Settings to be used by the scan.

Field

Description

Proxy Server

Select to enable Proxy Server settings.

Protocol

Currently only HTTP is supported.

Address

Insert the address of the proxy server to use.

Port

Insert the port of the proxy server to use.

Is Authentication Required

Click to enable the Authentication options.

Username

Insert the Username to be used to authenticate with the proxy server.

Password

Insert the Password to be used to authenticate with the proxy server.

Retype Password

Confirm the Password to be used to authenticate with the proxy server.

Client Certificate

In this tab, you can configure Client Certificate authentication.

Field

Description

Client Certificate

Select to enable a client certificate to be used to log in to the web application.

File

Click to browse and upload the certificate file.

Password

Enter the password for the certificate.

Retype Password

Re-enter the password for the certificate.

Custom Headers

In this tab, you can configure custom HTTP Headers. These are often used for HTTP Header authentication.

Field

Description

Enabled

Select to enable Custom Headers. All listed HTTP headers will be added to all HTTP requests.

New Custom Header

Click to add a new Custom Header.

Name

Enter the name of the Header. It must contain ASCII characters only.

Value

Enter the value of the header.

Custom Cookies

In this tab, you can configure custom cookies.

Field

Description

Enabled

Select to enable custom cookies.

Add

Click to add a new custom cookie.

Cookie URL

Enter the URL of the cookie.

Value

Enter the value of the cookie.

Technologies

In this tab, you can configure the technologies used by the web application. In most cases, Acunetix 360 can automatically detect the technology used by the web application. When choosing a technology, Acunetix restricts the scan to the specific technology, making the scan go faster.

Field

Description

Enabled

Select to enable technology detection.

Technologies

Check to select the technology you want Acunetix 360 to detect.

Scan Time Window

In this tab, you can configure the time periods in the week during which scanning is allowed. If a scan reaches a period of the week when it should not be running, the scan is automatically paused, and resumed as per the Scan Time Window configured.

When enabling the Scan Time Window, you can either use one of the predefined scan time windows, or configure a custom one by moving the sliders in the Scan Time Window panel.

Field

Description

Enable Scan Time Window

Select to enable the configuration of scan time settings.

Weekends

Click to enable configuration of the Scan Time Window. The default start and stop time is 00:00 to 23:59 on Saturday and Sunday. Drag the slider and click Scan/Do Not Scan to alter.

Business Hours

This tab enables configuration of the Scan Time Window. The default start and stop time is 09:00 to 18:00 from Monday to Friday. Drag the slider and click Scan/Do Not Scan to alter.

Non-business Hours

This tab enables configuration of the Scan Time Window. The default start and stop time is 09:00 to 18:00. Drag the slider and click Scan/Do Not Scan to alter.

For further information, see Scan Time Window.
