Acunetix allows you to secure your websites and web applications quickly and efficiently, while making it easy to manage the vulnerabilities detected. The Acunetix web interface allows multiple users in your organization to use Acunetix from a standard web browser. After logging in, users are taken to the Dashboard which provides a bird's-eye view of the security of your organization’s assets.
The Dashboard provides a summary view of the security statistics of your web assets, including:
- Totals of unfixed vulnerabilities, split by severity level
- Total number of defined Targets
- Total number of Scans running; waiting to run; and completed
- Top 5 most vulnerable Targets
- Top 5 most reported vulnerabilities
- Trend charts showing month-on-month trends for the last 12 months for:
- Number of open vulnerabilities
- Average number of vulnerabilities per target
- Average number of days to remediate vulnerabilities
- Number of vulnerabilities found
- Average vulnerabilities age in days
From the Dashboard:
- You can configure Targets once and scan them as often as needed. Acunetix keeps track of the security status of each target by aggregating and keeping track of the vulnerabilities identified for each target.
- All the vulnerabilities identified by Acunetix are shown in one page, making it easy to prioritise the vulnerabilities identified across your organization. Vulnerabilities can be filtered to show only what is required or grouped either by the severity of the vulnerability or the business criticality assigned to each target.
- Acunetix makes it easy to review scan results of ongoing or completed scans. New scans can be configured to occur either instantly or on a schedule.
- Reports can be generated for targets, scans, or a set of vulnerabilities.
Web Asset Discovery and Scanning
A website security scan typically consists of two phases:
- Crawling: Making use of Acunetix DeepScan, Acunetix automatically analyzes and crawls the website in order to build the site's structure. The crawling process enumerates all files, folders, and inputs and is vital to ensure that all your website is scanned.
- Scanning: Acunetix launches a series of web vulnerability checks against each component in your web application – in effect, emulating a hacker. The results of a scan include comprehensive details of all the vulnerabilities found within the website.
AcuSensor Technology Agent
AcuSensor is a unique technology that allows you to identify more vulnerabilities than a traditional black-box web security scanner, and it is designed to further reduce false positives. AcuSensor also indicates the line of code where the vulnerability was found. This increased accuracy is achieved by combining black-box scanning techniques with interactive code analysis whilst the source code is being executed. For Acunetix AcuSensor to work, an agent must be installed on your website to enable communication between Acunetix and AcuSensor. Acunetix AcuSensor can be used with PHP, JAVA and .NET web applications. For more information about installing AcuSensor, refer to Introduction to deploying AcuSensor.
Some vulnerabilities can only be detected using an intermediate service. Acunetix AcuMonitor allows Acunetix to detect such vulnerabilities. Depending on the vulnerability, AcuMonitor can either report the vulnerability immediately during a scan, or send a notification email directly to the user if the vulnerability is identified after the scan has finished. More information about AcuMonitor Technology can be found here. The AcuMonitor Service is fully integrated in Acunetix and is enabled for all targets configured in Acunetix.
The Reports section allows you to generate reports for Scans, Targets, and all the vulnerabilities detected. Various report templates are available, including executive summaries, detailed reports, and in Acunetix Premium a wide variety of compliance reports. For more information about Reports, refer to Types of Acunetix Reports.