Acunetix allows you to secure your websites and web applications quickly and efficiently, while making it easy to manage the vulnerabilities detected. It consists of the following components:
Acunetix Web Interface
Acunetix ships with an easy-to-use web interface, allowing multiple users to use Acunetix from a standard web browser. After logging in, users are taken to the Dashboard, which provides a bird's-eye view of the security of the organisation’s assets.
The Dashboard provides a summary view of the security statistics of your web assets, including:
- totals of unfixed vulnerabilities, split by severity level
- total number of defined Targets
- total number of Scans completed; total number of Scans in progress; total number of Scans queued
- top 5 most vulnerable Targets
- top 5 most reported vulnerabilities
- trend charts showing month-on-month trends for the last 12 months for:
  - number of open vulnerabilities
  - average number of vulnerabilities per target
  - number of vulnerabilities found
  - average number of days to remediate vulnerabilities
  - average vulnerability age in days
From the Dashboard:
- You can configure Targets once and scan them as often as needed; Acunetix tracks the security status of each target by aggregating the vulnerabilities identified for it
- All the vulnerabilities identified by Acunetix are shown on one page, making it easy to prioritise the vulnerabilities identified across the whole organisation; vulnerabilities can be filtered to show only what is required, or grouped either by the severity of the vulnerability or by the business criticality assigned to each target
- Acunetix makes it easy to review the results of ongoing or completed scans; new scans can be configured to run either instantly or on a schedule
- Reports can be generated for targets, scans or a set of vulnerabilities
The Web Scanner launches an automatic security audit of a website. A website security scan typically consists of two phases:
- Crawling – Making use of Acunetix DeepScan, Acunetix automatically analyzes and crawls the website in order to build the site's structure. The crawling process enumerates all files, folders and inputs and is vital to ensure that your whole website is scanned.
- Scanning – Acunetix launches a series of web vulnerability checks against each component in your web application – in effect, emulating a hacker. The results of a scan include comprehensive details of all the vulnerabilities found within the website.
AcuSensor Technology Agent
Acunetix AcuSensor Technology is a unique technology that allows you to identify more vulnerabilities than a traditional black-box web security scanner, and is designed to further reduce false positives. It also indicates the line of code where the vulnerability was found. This increased accuracy is achieved by combining black-box scanning techniques with interactive code analysis whilst the source code is being executed. For Acunetix AcuSensor to work, an agent must be installed on your website to enable communication between Acunetix and AcuSensor. Acunetix AcuSensor can be used with PHP, Java and .NET web applications.
Some vulnerabilities can only be detected using an intermediate service. Acunetix AcuMonitor allows Acunetix to detect such vulnerabilities. Depending on the vulnerability, AcuMonitor can either report the vulnerability immediately during a scan, or send a notification email directly to the user if the vulnerability is identified after the scan has finished. More information on the AcuMonitor Service can be found at http://www.acunetix.com/vulnerability-scanner/acumonitor-blind-xss-detection/
The AcuMonitor Service is fully integrated in Acunetix, and is enabled for all the targets configured in Acunetix.
The Reporter allows you to generate reports for Scans, Targets and all the vulnerabilities detected. Various report templates are available, including executive summaries, detailed reports and a wide variety of compliance reports.