Types of Acunetix reports

The following is a list of the report templates that are available and can be generated from the Targets, Scans, Vulnerabilities, or Reports pages in Acunetix. The format of each report, the details included, and the grouping used in the report are determined by the report template.

Standard Reports

The following standard reports are available after selecting a Target on the Targets or Scans page and then going to Generate Report to select your desired report.

Affected Items Report

The Affected Items report shows the files and locations where vulnerabilities have been detected during a scan. The report shows the severity of the vulnerability detected, together with other details about how the vulnerability has been detected.

Comprehensive Report

The Comprehensive Report takes the information available in the Developer Report, and presents it in a more concise format, adding a leading graphical section with statistical data. For each vulnerability, each HTTP request made to the target is accompanied by the HTTP response received.

Comprehensive Report - HTML Format vs PDF Format

  • The HTML format allows Acunetix to create dynamic reports. In this case, the HTML version of the report allows the viewer to expand and collapse sections of the report, making it more user-friendly.
  • In contrast, the PDF format is a static format, and it would be too cumbersome to include all the expanded information in the PDF version. Because of this, the PDF version excludes the HTML responses.

Developer Report

The Developer Report is targeted to developers who need to work on the website in order to address the vulnerabilities discovered by Acunetix. The report provides information on the files that have a long response time, a list of external links, email addresses, client scripts, and external hosts, together with remediation examples and best practice recommendations for fixing the vulnerabilities.

Executive Summary Report

The Executive Summary Report summarizes the vulnerabilities detected in a website and gives a clear overview of the severity level of vulnerabilities found in the website.

Quick Report

The Quick Report provides a detailed listing of all the vulnerabilities discovered during the scan.

Comparing Scans

The Scan Comparison report lets you compare two scans on the same Target, highlighting the differences between the scans. This option becomes available only when 2 scans for the same Target are selected.

Compliance Reports

In Acunetix Premium Compliance Reports are available for the following compliance bodies and standards:

CWE Top 25 Most Dangerous Software Weaknesses

This report shows a list of vulnerabilities that have been detected in your website which are listed in the CWE Top 25 Most Dangerous Software Weaknesses. These errors are often easy to find and exploit and are dangerous because they will often allow attackers to take over the website or steal data. More information can be found at http://cwe.mitre.org/top25/.

The Health Insurance Portability and Accountability Act (HIPAA)

Part of the HIPAA Act defines the policies, procedures, and guidelines for maintaining the privacy and security of individually identifiable health information. This report identifies the vulnerabilities that might be infringing these policies. The vulnerabilities are grouped by the sections as defined in the HIPAA Act.

International Standard – ISO 27001

ISO 27001, part of the ISO / IEC 27000 family of standards, formally specifies a management system that is intended to bring information security under explicit management control. This report identifies vulnerabilities that might be in violation of the standard and groups the vulnerabilities by the sections defined in the standard.

NIST Special Publication 800-53

NIST Special Publication 800-53 covers the recommended security controls for Federal Information Systems and Organizations. Once again, the vulnerabilities identified during a scan are grouped by the categories as defined in the publication.

OWASP Top 10 2017

The Open Web Application Security Project (OWASP) is a web security project led by an international community of corporations, educational institutions, and security researchers. OWASP is renowned for its work in web security, specifically through its list of top 10 web security risks to avoid. This report shows which of the detected vulnerabilities are found on the OWASP top 10 vulnerabilities.

Payment Card Industry (PCI) standards

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard, which applies to organizations that handle credit card holder information. This report identifies vulnerabilities that might breach parts of the standard and groups the vulnerabilities by the requirement that has been violated. The PCS DSS 4.0 report is the latest version. Reports for the previous version, PCI DSS 3.2, also remain valid until the end of March 2024.

Sarbanes Oxley Act

The Sarbanes Oxley Act was enacted to prevent fraudulent financial activities by corporations and top management. This report lists vulnerabilities that are detected during a scan that might lead to a breach in sections of the Act.

DISA STIG Web Security

The Security Technical Implementation Guide (STIG) is a configuration guide for computer software and hardware defined by the Defense Information System Agency (DISA), which is part of the United States Department of Defense. This report identifies vulnerabilities that violate sections of STIG and groups the vulnerabilities by the sections of the STIG guide which are being violated.

Web Application Security Consortium (WASC) Threat Classification

The Web Application Security Consortium (WASC) is a non-profit organization made up of an international group of security experts, which has created a threat classification system for web vulnerabilities. This report groups the vulnerabilities identified on your site using the WASC threat classification system.

 

« Back to the Acunetix Support Page