The lower part of the sidebar allows you to configure users, scan types, network scanning, issue tracker integration, email settings, multi-engine settings, excluded hours, proxy settings, and product updates settings.
The management of Acunetix users is explained here.
Acunetix installs with a default set of Scanning Profiles, which allow you to scan for specific types of vulnerabilities. If you need to be more granular in your scans, you can create your own custom scanning profiles which check for specific vulnerabilities. Proceed as follows:
- Click the "Add New Profile" button
- Provide a name for the profile.
- Select the vulnerabilities as needed.
You can search for vulnerabilities using the search field. You can also click on the folder icons to expand the folders.
- Click Save when done.
Screenshot - Custom Scanning Profile
When starting a new scan, you can choose your custom scanning profiles in the Scan Type selection.
Acunetix can be configured to use OpenVAS to perform network scans of the Targets configured in Acunetix. Installation of OpenVAS and the configuration of Acunetix to use the Network Scanner is explained here.
Acunetix supports sending vulnerabilities to an issue tracker. You will first need to configure the settings of the issue tracker in Acunetix. Proceed as follows:
- Provide a Name for the issue tracker. This name will be used to when selecting the issue tracker for the Target
- Select the Issue Tracker Platform you are using
- Provide the URL and credentials to access the issue tracker, and click Test Connection
- Select the Project in which issues should be logged.
- Select the Issue Type to be used by Acunetix when logging an issue.
Screenshot - Configure Issue Tracker
After configuring the issue tracker, you can assign the issue tracker to a Target from the target’s settings.
Acunetix supports sending issues to Github, Gitlab, Jira, Azure Devops (TFS), BugZilla, and Mantis.
The mail server settings are used by Acunetix to send email notifications such as when a scan is complete, license notifications, or forgot password emails. Here you can configure the SMTP server’s address, port, from address, security protocol used, and any authentication if needed.
The Acunetix Multi-engine setup is suitable for Enterprise customers who need to scan more than 10 websites or web applications simultaneously. This can be achieved by installing one Main Installation and multiple Scanning Engines, all managed from a central console.
There are times when you do not want to scan a Target. For example, you might want to scan your site during your workday so you can monitor the site while it is being scanned. Alternatively, you can scan your web application during the weekend when nobody is using it.
Screenshot - Excluded hours list
Excluded hours allow you to configure the times when no scans should be done by Acunetix. The default excluded hours profile is assigned to all new Targets, however this can be changed to a different excluded hours profile for each Target. You can also create your custom excluded hours profile if needed.
Screenshot - Edit an excluded hours profile
Note: Any scans that are running at the start or an excluded hours period will be stopped. Any scans that are scheduled to start during an excluded hour period will be delayed till after the excluded hour period.
You can configure Acunetix to use a proxy server if this is required to connect to the Internet. This will affect product updates, license activation requests and AcuMonitor requests. Specify the protocol, proxy address and port and optionally username and password to be used to connect to the proxy server.
This option is not necessary for the Online version, and is therefore not visible.
Product Updates - The "About" Page
Acunetix frequently releases updates which consist of new features, bug fixes and updates to the vulnerabilities database. In the "About" page, you can configure Acunetix to Download and install updates automatically, or have Acunetix notify you when new updates are available.