Changing a vulnerability status
All vulnerabilities identified during a scan are automatically assigned the Open status. As you review the detected vulnerabilities, you can change the status of each vulnerability on the vulnerabilities page. In addition to the Open status, there are three more options:
Fixed: This status is given to vulnerabilities that are fixed by developers. If the vulnerability is found again by Acunetix, the vulnerability will be reopened and marked as Rediscovered.
False Positive: There are situations where a vulnerability is incorrectly detected by Acunetix. The vulnerability will not be reported again in future scans.
Ignored: This status can be used for vulnerabilities that are not False Positives but which, for some reason, should be ignored in future scans.
How do I change the vulnerability status?
- On the vulnerabilities page, select the checkbox next to each vulnerability that you want to change the status.
- Click Mark as and select a status option from the list.
Your selected vulnerabilities now have the new status that you assigned.
Vulnerabilities marked as False Positive or Ignored can be reopened manually at any time. You can use the filter to find vulnerabilities with the changed status.
Integrate Acunetix with an issue tracker application to streamline the vulnerability-fixing process. For further information, refer to Configuring issue tracker integration.
No time to fix vulnerabilities? Export vulnerabilities from Acunetix and import them into your WAF to save time for the fix. For further information, refer to Exporting scan results to WAFs.
You can retest those vulnerabilities that are fixed by developers to confirm that they are fixed. When you select Retest, Acunetix runs a new scan using a custom scanning profile restricted to the specific vulnerability. During the retest, Acunetix only tests the vulnerable page.
- If an Acunetix scan confirms that the vulnerability is not found anymore, you can mark it as Fixed.
- If an Acunetix scan identifies that the vulnerability is found, it is listed as Rediscovered.
- If a new scan identifies the vulnerability you marked as Fixed previously, Acunetix lists it as Rediscovered on the vulnerability page.
- All vulnerabilities are retestable.
How do I retest vulnerabilities?
- On the vulnerabilities page, select the checkbox next to each vulnerability that you want to retest.
- Click Retest.
A notification appears at the bottom of the screen, confirming that a scan has been initiated to retest the selected vulnerability.