Fixing vulnerabilities
Acunetix is an effective tool for detecting and helping you fix vulnerabilities in web applications.
- Acunetix identifies vulnerabilities and gives specific information such as attack details, vulnerability description, HTTP request and response, and more.
- The information provided in the vulnerability report is crucial when it comes to fixing vulnerabilities. The report helps you understand the root cause of the vulnerability and offers advice on how to resolve it. Using this knowledge, you may immediately develop a solution to the issue.
This topic explains how Acunetix helps you fix vulnerabilities.
How to view the vulnerability detail
- Log in to Acunetix.
- From the main menu, select Vulnerabilities.
- On the Vulnerabilities page, select any vulnerability to see the details.
The vulnerability details page has the following sections:
URL
This is a reference to a resource that contains the issue.
Parameter
This is the variable used to identify the issue.
Attack Details
This provides the details about the attack Acunetix made to exploit the vulnerability.
Proof of Exploit
This is a piece of evidence supplied to prove that the vulnerability exists. The proof of exploit indicates that Acunetix is 100% confident that the vulnerability exists. The proof of exploit confirms the severity of the vulnerability by providing information that is considered confidential and should not be accessible.
This proof saves developers from spending hours checking whether a finding is a false positive. They can start fixing the vulnerability without second-guessing the result.
If you enable AcuSensor, you get more information about the proof and the vulnerability. AcuSensor shows the exact location of the issue and simplifies remediation efforts.
Thanks to AcuSensor, Acunetix can identify vulnerable packages being used in your web application. If Acunetix identifies multiple vulnerable packages at the same severity level, the scanner provides a detailed description for each vulnerable package.
Vulnerability Description
This provides detailed information on the vulnerability identified. The description helps you understand the vulnerability, so you can fix it quickly.
HTTP Request
This is the whole HTTP request that Acunetix sent in order to detect the issue. This request helps you understand how Acunetix exploited the vulnerability.
HTTP Response
This is the response the system returned to the payload. Acunetix highlights the section of the response that shows the vulnerability.
The impact of this vulnerability
This shows the effect of the vulnerability on the Target URL.
How to fix this vulnerability
This provides guidance on how you can fix the vulnerability quickly.
Classification
This shows the Common Weakness Enumeration (CWE) ID and the Common Vulnerability Scoring System (CVSS) v2 and v3 scores to provide an idea of how severe the vulnerability is on a global scale. The CWE entry also includes a link to the relevant CWE web page.
CVSS provides the Base Score and vector string: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, and Availability.
Detailed information
This shows comprehensive information about the vulnerability identified. The section explains how the vulnerability occurs in the first place, what an attacker can do with this vulnerability, and how you can prevent it from occurring in the future.
Web References
This provides links to other websites where you can find more information.