Configuring scan profiles
Acunetix uses scan profiles, which are a collection of pre-configured tests, to check your web application for vulnerabilities.
Acunetix comes with a variety of default scan profiles that are designed to meet the requirements of application security specialists. Even so, you can create your own scan profiles to adjust the scan to your particular requirements and fine-tune the tests that are run.
You can concentrate on particular areas of concern and ensure the scan appropriately represents the specific security requirements of your web application by choosing the precise tests you require. By doing so, you can fully cover your online application and increase the overall efficacy of your security testing efforts.
Scanning a production environment
Acunetix is designed to run non-destructive security scans and is obviously not malicious in intent. Still, these checks are invasive, and their actions can affect a web application negatively.
Default scan profiles
The following are the built-in scan profiles:
- Full Scan launches a scan using all the checks available in Acunetix. This profile provides the most comprehensive coverage of vulnerabilities.
- High Risk only checks for the most dangerous web vulnerabilities, such as Cross-site Scripting, SQL Injection, File Inclusion, and more. The checks included in the High Risk profile are dynamically generated, meaning that the profile is updated with releases to add the latest high-severity checks.
- Cross-site Scripting only checks for Cross-site Scripting vulnerabilities. This profile is dynamically generated, meaning that it is updated with releases to add the latest checks.
- SQL Injection only checks for SQL Injection vulnerabilities. This profile is dynamically generated, meaning that it is updated with releases to add the latest checks.
- Weak Passwords identifies forms that accept a username and password and attacks these forms.
- Crawl Only only crawls the site and builds the structure of the site without running any vulnerability checks.
- Full Web and Network Scan includes all the web vulnerability checks Acunetix supports and all the network checks that Acunetix supports via the OpenVAS engine. For all web checks, see Web Application Vulnerabilities. For all network checks, see Network Security Checks.
- Network Scan uses the OpenVAS engine inside your network to scan network services that are not reachable from the outside but may still be subject to internal threats.
Custom scan profiles
In addition to the built-in scan profiles, you can tailor checks based on your needs. The following is the list of checks you can add to your custom scan profile:
- Scanning tests include the following types of scanning tests:
  - File tests check for vulnerabilities in files identified on the website.
  - Directory tests check for vulnerabilities in directories identified on the website.
  - Input scheme tests check for vulnerabilities in various parts of the website, such as GET parameters, form inputs, and HTTP headers.
  - Server tests check for vulnerabilities related to the server hosting the website.
  - Structure tests are executed at the end of the crawl session and identify vulnerabilities in the structure of the website.
  - Post-scan tests are carried out at the end of the scan, for example checking for any Stored Cross-site Scripting that might have been injected during the scan.
- Known web application tests include security audits for various well-known web applications, such as WordPress or SAP products.
- Runtime passive analysis includes vulnerability checks run passively during the crawl, for example checks for situations where the website insecurely transitions from HTTPS to HTTP.
- Crawler analysis includes vulnerability checks that act upon the responses from the web server to the Crawler's requests.
- Location tests include tests that are executed on each unique location identified.
- HTTP Data tests include vulnerability checks executed on all requests. These checks look for very specific content in the request or response and proceed to further verification only in specific scenarios. For example, the SAML signature audit checks are only executed when a SAMLResponse is found.
- Target tests include vulnerability checks executed only once on the target being scanned.
- Input parsing tests include checks targeting input parsing vulnerabilities, such as Prototype Pollution.
- Client-side tests include checks executed using the browser capabilities provided by DeepScan. An example of such a vulnerability is DOM Cross-site Scripting.
- Custom scripts executes any custom scripts found in the custom-scripts folder.
- Malware Scanner checks the web application for malware.
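To make the distinction between active and passive checks concrete, the following is an added example (written for this page, not Acunetix code) of a passive check of the kind the Runtime passive analysis category describes: it never sends a request of its own, but inspects traffic the crawler has already captured and flags places where an HTTPS page hands the user over to plain HTTP, either through an http:// redirect in a Location header or through http:// links, scripts, or form actions that point back at the same host. The transaction format, the function names, and the sample traffic are all assumptions constructed for the example; Acunetix's own internal representation of crawler data is not documented on this page.

```python
"""Added example (not Acunetix code): a minimal passive HTTPS-to-HTTP
transition check run over already-captured crawler traffic."""

from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _RefCollector(HTMLParser):
    """Collect href/src/action targets from an HTML body."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.refs.append((tag, value))


def find_insecure_transitions(transactions):
    """transactions: iterable of dicts with keys url, status, headers, body
    (an assumed format, not the scanner's own). Returns a list of findings.
    Only HTTPS pages are examined, and only transitions to http:// on the
    same host are reported: a link to another site's http:// page is that
    site's problem, not this application's."""
    findings = []
    for tx in transactions:
        page = urlparse(tx["url"])
        if page.scheme != "https":
            continue  # nothing to downgrade from
        headers = {k.lower(): v for k, v in tx.get("headers", {}).items()}

        # 1. Redirect downgrade: 3xx with an http:// Location on the same host
        loc = headers.get("location")
        if 300 <= tx["status"] < 400 and loc:
            target = urlparse(urljoin(tx["url"], loc))
            if target.scheme == "http" and target.hostname == page.hostname:
                findings.append({"page": tx["url"], "kind": "redirect",
                                 "target": target.geturl()})

        # 2. Content downgrade: absolute http:// links, scripts, or form actions.
        #    Relative and protocol-relative references resolve to https and
        #    are therefore not flagged.
        if "text/html" in headers.get("content-type", ""):
            collector = _RefCollector()
            collector.feed(tx.get("body", ""))
            for tag, ref in collector.refs:
                target = urlparse(urljoin(tx["url"], ref))
                if target.scheme == "http" and target.hostname == page.hostname:
                    findings.append({"page": tx["url"], "kind": f"{tag}-ref",
                                     "target": target.geturl()})
    return findings


# Constructed sample traffic (not real crawler output).
SAMPLE_TRAFFIC = [
    {"url": "https://shop.example/", "status": 200,
     "headers": {"Content-Type": "text/html"},
     "body": '<a href="http://shop.example/account">My account</a>'
             '<form action="https://shop.example/search"></form>'
             '<a href="http://cdn.other.example/logo.png">logo</a>'},
    {"url": "https://shop.example/old-login", "status": 302,
     "headers": {"Location": "http://shop.example/login"}, "body": ""},
    {"url": "http://shop.example/legacy", "status": 200,
     "headers": {"Content-Type": "text/html"},
     "body": '<a href="http://shop.example/x">x</a>'},
]


if __name__ == "__main__":
    for finding in find_insecure_transitions(SAMPLE_TRAFFIC):
        print(f'{finding["kind"]:9} {finding["page"]} -> {finding["target"]}')
```

Run against the constructed sample, the check reports two findings: the http:// account link on the HTTPS home page and the redirect from the HTTPS login page to its http:// replacement. The https:// form action, the http:// image on a different host, and the page that was already served over http:// are deliberately left out.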
How to add a custom scan profile
- Log in to Acunetix.
- From the main menu, select Scan Profiles.
- Select Add New Profile.
- In the Scan Profile Name field, enter a friendly name.
- Select tests or search for them. (For this example, we select Cross-site Scripting checks.)
- Select Save.
Your new scan profile appears on the Scan Profiles page.
When starting a new scan, you can choose a built-in profile or your custom scan profile from the Scan Profile drop-down.
For further information, see Launching Scans.