Reviewing Scan Results
The Scans page provides a list of all scans performed, including the type of scan (Scan Profile), the time and date when the scan was performed (Schedule), the number of each severity level of vulnerability found, and the current status of each scan. This list can be filtered by:
- Archive Status
- Business Criticality
- Scan Profile
- Status
- Target
- Target Group
- Threat (severity level)
Scan results sections
When a scan is complete, Acunetix sends you an email with a summary of the results and a link allowing you to access the scan results directly. You can also access the scan results by clicking the relevant target link from the list of scans on the Scans page.
The scan results header panel shows a summary of the scan parameters and the number of open vulnerabilities by severity. Below this are 6 sections providing the results of the scan.
- Scan Summary: This section provides an overall threat level rating for the target URL based on the number and severity of vulnerabilities discovered by the scanner. Click the Scan Details section to reveal more information about the scan parameters, such as request count, average response time, and the number of paths identified. The vulnerabilities table shows an overview of the number and severity of the detected vulnerabilities. The most vulnerable technologies detected by the scan are listed on the right.
- Vulnerabilities: This is the list of detected vulnerabilities, ordered by severity. You can filter the information by severity and status to view, for example, only Critical and High severity vulnerabilities with a status of ‘Fixed’, or use the search function to show only a particular vulnerability. On the right-hand side you have the option to change which columns are displayed. Click a vulnerability from the list to view all information about the detection and to change the vulnerability status.
- Runtime SCA Findings: These are out-of-date technologies being used by the target that we recommend updating. Click an item in the list to show more details about the identified issue.
- Site Structure: Use this section to check that the scan has covered all the sites for your target and to identify vulnerabilities affecting a specific file or folder. Click a folder to expand the site structure tree. You can also choose to adjust the displayed columns and click on a vulnerability to show more information.
- Scan Statistics: Here you’ll find two data tables that you can sort by number of runs/requests or by total duration.
  - Operations: This table analyzes the different scan operation types that were performed, showing the number of times each scan operation was performed, the average duration of each operation, and the total duration of all the operations.
  - Locations: This table analyzes the different URLs that were scanned, showing the number of times each URL was scanned, the average duration of each scan, and the total duration of all the scans performed on that location.
- Activity: A list of events related to the scan. This section shows when the scan started and completed, and if any errors were encountered during the scan. Click the down arrow to reveal more details for each event.
Vulnerabilities Detected by AcuMonitor
An Acunetix scan makes use of AcuMonitor to detect certain vulnerabilities such as Blind XSS, Email Header Injection, and certain types of SSRF, XXE and Host Header Attacks. AcuMonitor can only detect some of these vulnerabilities after the scan has finished. When this happens, AcuMonitor will update the scan results with the new vulnerabilities detected and you will receive an email notifying you that the scan results have been updated. More information on AcuMonitor can be found at http://www.acunetix.com/vulnerability-scanner/acumonitor-blind-xss-detection/.