HOME / SUPPORT / Acunetix Web Vulnerability Scanner Overview

Acunetix Overview

Acunetix allows you to secure your websites and web applications quickly and efficiently while making it easy to manage the vulnerabilities detected. The Acunetix Online portal allows multiple users in your organization to use Acunetix from a standard web browser.

The left-side menu provides access to the main features for scanning websites and web applications, reviewing detected vulnerabilities, and reporting. Menu items at the bottom are for more advanced configuration of your Acunetix account.  

Overview

The Overview page provides a summary view of the security statistics of your web assets, including:

  • Totals of unfixed vulnerabilities, split by severity level
  • Total number of defined Targets
  • Total number of Scans running; waiting to run; and completed
  • Top 5 most vulnerable Targets
  • Top 5 most reported vulnerabilities
  • Trend charts showing month-on-month trends for the last 12 months for:
  • Number of open vulnerabilities
  • Average number of vulnerabilities per target
  • Average number of days to remediate vulnerabilities
  • Number of vulnerabilities found
  • Average vulnerabilities age in days

Discovery

A website security scan typically begins with Discovery. This feature scans the entire internet to identify web assets belonging to your organization. This enables you to become aware of all your online collateral, web applications, and services so you can conduct a comprehensive security audit and better secure your online presence, continually reducing security threats. As soon as you activate your Acunetix license, the system begins the discovery process with the master user's email address, immediately suggesting websites that might also belong to you. The Acunetix Engine automatically analyzes and crawls each website in order to build the site's structure. The crawling process enumerates all files, folders, and inputs, which is vital to ensuring that all parts of your website are scanned. For more information, refer to Web Asset Discovery.

Targets

A target is a website, web application, server, or network device that you would like to scan for security vulnerabilities. In general, a target license is required for each web application and for each domain. You can configure Targets once and scan them as often as needed. Acunetix keeps track of the security status of each target by aggregating and keeping track of the vulnerabilities identified for each target. For more information about Targets, refer to Configuring Targets.

Scans

Acunetix launches a series of web vulnerability checks against each component in your web application – in effect, emulating a hacker. The results of a scan include comprehensive details of all the vulnerabilities found within the website. Acunetix makes it easy to review scan results of ongoing or completed scans via the Scans page. New scans can be configured to occur either instantly or on a schedule. For more information about scanning, refer to Launching Scans.

NOTE: Acunetix is designed to run non-destructive security scans and the checks performed are themselves not invasive. However, the scanner needs to test each control in the web application, including submitting forms multiple times. This can result in the scanner activating a control (e.g. Delete Database or Delete User) or submitting the same form multiple times (e.g. Contact us form).


This point is particularly important if you scan a production environment. You may experience performance issues or find lots of emails in your inbox. For further information, refer to: Do Acunetix scans damage web applications?

Vulnerabilities

All the vulnerabilities identified by Acunetix are shown on one page, making it easy to prioritize the vulnerabilities identified across your organization. Vulnerabilities can be filtered to show only what is required or grouped either by the severity of the vulnerability or the business criticality assigned to each target. For more information about vulnerabilities, refer to Vulnerability Severity Levels.

AcuSensor Technology Agent

AcuSensor is a unique technology that allows you to identify more vulnerabilities than a traditional black-box web security scanner, and it is designed to further reduce false positives. AcuSensor also indicates the line of code where the vulnerability was found. This increased accuracy is achieved by combining black-box scanning techniques with interactive code analysis whilst the source code is being executed. For Acunetix AcuSensor to work, an agent must be installed on your website to enable communication between Acunetix and AcuSensor. Acunetix AcuSensor can be used with PHP, JAVA, and .NET web applications. For more information about installing AcuSensor, refer to Introduction to deploying AcuSensor.

AcuMonitor Technology

Some vulnerabilities can only be detected using an intermediate service. Acunetix AcuMonitor allows Acunetix to detect such vulnerabilities. Depending on the vulnerability, AcuMonitor can either report the vulnerability immediately during a scan or send a notification email directly to the user if the vulnerability is identified after the scan has finished. More information about AcuMonitor Technology can be found here. The AcuMonitor Service is fully integrated into Acunetix and is enabled for all targets configured in Acunetix.

Reports

The Reports section allows you to generate reports for Scans, Targets, and all the vulnerabilities detected. Various report templates are available, including executive summaries, detailed reports, and in Acunetix Premium a wide variety of compliance reports. For more information about Reports, refer to Types of Acunetix Reports.

 

« Back to the Acunetix Support Page