Managing and prioritizing vulnerabilities
Acunetix offers vulnerability management, enabling you to prioritize and manage vulnerabilities effectively.
- Acunetix groups vulnerabilities based on their type and severity. This makes it easier for you to identify the most critical vulnerabilities that require immediate attention.
- You can select a vulnerability to see its details. This allows you to get more information about vulnerabilities and how you can solve them.
- You can also mark vulnerabilities as fixed or false positives. You can also generate reports and retest them if required. Additionally, you can export them to issue trackers, such as Jira.
This topic explains how to manage and prioritize vulnerabilities. To learn more about fixing vulnerabilities, refer to Fixing vulnerabilities. If you want to review a scan result, refer to Reviewing Scan Results.
Vulnerability page fields
Column | Description |
Severity | This column lists vulnerabilities based on their severity. The severity can be High, Medium, Low, or Informational. For further information, refer to What vulnerability classifications does Acunetix use? |
Vulnerability | This column lists vulnerabilities identified by Acunetix. |
URL | This column lists the URL where the vulnerability is identified. |
Parameter | This column lists the parameters that Acunetix used to identify the vulnerability. |
Status | This column lists the status of the vulnerability. The status can be Open, Fixed, Ignored, Rediscovered, False Positive, or Not Open. |
Confidence % | This column lists the confidence level, showing how Acunetix is certain of the vulnerability it identified. It can be 100, 95, or 80 percent. For further information, refer to What is the vulnerability confidence rating and why is it important? |
Last Seen | This column lists the date and time in which Acunetix identified the vulnerability. |
Vulnerability Id | This column lists the identification number assigned by Acunetix to a vulnerability. |
Issue Id | This column lists the issue number that you exported to an issue tracker application, such as Jira. |
Type | This column lists which type of scans (web or network) identified the vulnerability. |
Tips Select the icon on the vulnerability page to customize it based on your needs. |
Prioritizing vulnerabilities
It's critical to prioritize vulnerability fixes based on their severity level and the impact they pose on your organization. Acunetix helps you in this regard, as it provides a reliable way to prioritize the vulnerabilities.
In addition to their severity, you can check the vulnerabilities' impact and their classification. So, you can determine how critical it is to address each vulnerability promptly.
How to view vulnerabilities
- Log in to Acunetix.
- From the main menu, select Vulnerabilities.
Acunetix's vulnerability page allows you to quickly identify and prioritize vulnerabilities that require immediate attention through its filtering and sorting options. When you select a vulnerability, Acunetix provides comprehensive information, including attack details and potential impact, to help you assess the severity of the issue and determine how urgently it needs to be addressed.
Based on the detailed information on a vulnerability, you can prioritize the vulnerability effortlessly.
The vulnerability page lists all vulnerabilities identified across your scans. To see vulnerabilities in a scan, refer to Reviewing Scan Results.
Filtering vulnerabilities
As the number of vulnerabilities detected increases, managing and prioritizing vulnerabilities can become challenging. To simplify this process, vulnerabilities can be filtered based on various criteria such as Severity, Confidence, Business Criticality, FQDN, Target Group, Status, Archive Status, and Target.
Using a flexible filtering system, you can apply multiple filters to the list, such as displaying all high-severity vulnerabilities identified on a specific target that is still open. This approach helps to streamline vulnerability management and enables you to focus on the most critical issues that require immediate attention.
How to filter vulnerabilities
- Log in to Acunetix.
- From the main menu, select Vulnerabilities.
- Select the Filter search bar.
- Select an option. (For this example, we select Severity.)
- Acunetix shows related options to further filter vulnerabilities.
Acunetix lists vulnerabilities based on your filter.
You can also add more filters. For example, the following filters find those vulnerabilities whose severity is High, whose confidence level is 100 percent, and whose status is Open.
Changing a vulnerability status
You can change a vulnerability status on the vulnerability page. Any vulnerability identified following a scan has the Open status. Those vulnerabilities with the Open status remain on the vulnerability list.
In addition to the Open status, there are three more options:
Fixed: This status is given to vulnerabilities that are fixed by the developers. If the vulnerability is found again by Acunetix, the vulnerability will be reopened and marked as Rediscovered.
False Positive: There are situations where a vulnerability is incorrectly detected by Acunetix. The vulnerability will not be reported again in future scans.
Ignored: This status can be used for vulnerabilities that are not False Positives, but which for some reason should be ignored in future scans.
How to change the vulnerability status
- Log in to Acunetix.
- From the main menu, select Vulnerabilities.
- From the list, select vulnerabilities that you want to change the status.
- Select an option.
Vulnerabilities marked as False Positives or Ignored can be reopened manually at any time. You can use the filter to find the vulnerabilities with the changed status.
Information Integrate Acunetix with an issue tracker application to streamline the vulnerability-fixing process. For further information, refer to Configuring issue tracker integration. |
Information No time to fix vulnerabilities? Export vulnerabilities from Acunetix and import them into your WAF to save time for the fix. For further information, refer to Exporting scan results to WAFs. |
Retesting vulnerabilities
You can retest those vulnerabilities that are fixed by developers to confirm that they are fixed. When you select Retest, Acunetix runs a new scan using a custom scanning profile restricted to the specific vulnerability. During the retest, Acunetix only tests the vulnerable page.
- If an Acunetix scan confirms that the vulnerability is not found anymore, you can mark it as Fixed.
- If an Acunetix scan identifies that the vulnerability is found, it is listed as Rediscovered.
- If a new scan identifies the vulnerability you marked as Fixed previously, Acunetix lists it as Rediscovered on the vulnerability page.
- All vulnerabilities are retestable.
How to retest vulnerabilities
- Log in to Acunetix.
- From the main menu, select Vulnerabilities.
- From the list, select vulnerabilities that you want to retest.
- Select Retest.
