Configuring scan profiles

Acunetix uses scan profiles, which are a collection of pre-configured tests, to check your web application for vulnerabilities. A variety of scan profiles are included by default that are designed to meet the requirements of application security specialists. In addition to the built-in scan profiles, you can tailor checks based on your needs by creating custom scan profiles to suit your particular requirements and improve the tests that are run.

Default scan profiles

These are the built-in scan profiles:

• Full Scan: Uses the full scan profile to launch a scan using all the checks available in Acunetix. This profile provides the most comprehensive coverage of vulnerabilities.
• Critical / High Risk: Only checks for the most dangerous web vulnerabilities, such as Cross-site Scripting, SQL Injection, File Inclusion, and more. The checks included in the Critical / High Risk scan profile are dynamically generated with each release to add the latest high-severity checks.
• High / Medium Risk: Only checks for web vulnerabilities that put the site at high risk of being hacked and medium risk server misconfigurations and site-coding flaws. The checks included in the High and Medium Risks are dynamically generated with each release to add the latest high-severity and medium-severity checks.
• Cross-site Scripting: Only checks for Cross-site Scripting vulnerabilities. This scan profile is dynamically generated, meaning that it is updated with each release to add the latest checks.
• SQL Injection: Only checks for SQL Injection vulnerabilities. This scan profile is dynamically generated, meaning that it is updated with each release to add the latest checks.

• Weak Passwords: This scan profile identifies forms that accept a username and password. It will attack these forms to identify vulnerabilities.
• Crawl Only: Only crawls the site and builds the structure of the site without running any vulnerability checks.
• Full Web and Network Scan: This includes all the web vulnerability checks that Acunetix supports and all the network security checks that Acunetix supports via the OpenVAS engine. For a list of all web checks, refer to Web Application Vulnerabilities. For a list of all network checks, refer to Network Security Checks.

• Network Scan: Uses the OpenVAS engine inside your network to scan network services that are not available from the outside but still may be subject to internal threats.
• OWASP Top 10: Only checks for the most critical security risks to web applications as defined by the OWASP Top 10.
• PCI checks: Identifies vulnerabilities that do not comply with Payment Card Industry (PCI) data security standards.  
• Sans Top 25: Only checks for the top 25 most dangerous software errors of the Common Weakness Enumeration (CWE) list.

Custom scan profiles

You can concentrate on particular areas of concern and ensure the scan appropriately represents the specific security requirements of your web application by choosing the precise tests you require. By doing so, you can fully cover your online application and increase the overall efficacy of your security testing efforts.

Here are the checks you can add to your custom scan profile:

• Scanning tests which include the following different types of tests:

• File tests check vulnerabilities in files identified on the website.
• Directory tests check vulnerabilities on directories identified on the website.
• Input scheme tests check vulnerabilities on various parts of the website, such as GET parameters, Form inputs, and HTTP headers.
• Server tests check vulnerabilities that are related to the server hosting the website.
• Structure tests include the tests that are executed at the end of the crawl session, identifying vulnerabilities in the structure of the website.
• Post-scan tests include checks that are carried out at the end of the scan, such as checking for any stored cross-site scripting that might have been injected during the scan.
• Known web application tests include security audits for various well-known web applications, such as WordPress or SAP products.

• Runtime passive analysis includes vulnerability checks run passively during the crawl. For example, checks for situations where the website insecurely transitions from HTTPS to HTTP.
• Crawler analysis includes vulnerability checks that act upon the responses from the webserver to the crawler requests.
• Location tests include tests that are executed on each unique location identified.
• HTTP Data tests include vulnerability checks executed on all the requests. These are checking for very specific content in the request/response and will proceed doing further verifications in specific scenarios. For example, the SAML signature audit checks are only executed when SAMLResponse is found.
• Target tests include vulnerability checks executed only once on the target being scanned.
• Input parsing tests include checks targeting input parsing vulnerabilities, such as prototype pollution.
• Client-side checks include checks executed using the browser capabilities provided by DeepScan. An example of such vulnerabilities is DOM Cross-site Scripting.
• Custom scripts include scripts that execute any custom scripts found in the custom-scripts folder.
• Malware Scanner (On-Premises only) includes checks of the web application for malicious links and malware.

How to add a custom scan profile

1. Select Scan Profiles from the side menu.
2. Click Add New Profile.

3. Add a Scan Profile Name. 
4. Select the checks for your custom scan profile. You can also use the search field to find checks and tests.    
5. Click Save.

Your new custom scan profile appears at the bottom of the Scan Profiles page.

How to run a scan using a custom scan profile

When starting a new scan, you can choose a built-in profile or your custom scan profile from the Default Scan Profile drop-down. For detailed instructions, refer to Launching Scans.