
Fast, Flexible, Continuous External Vulnerability Scanning
The modern web is full of complexities, and as such, many other external vulnerability scanners and black box scanners built a decade ago, can’t properly scan, large and complex web applications quickly. With a re-engineered core, and a highly optimized crawler, every inch of Acunetix is tuned for speed, efficiency and accuracy, allowing it to complete even the largest external vulnerability scans without breaking a sweat. What’s more, in Acunetix it’s possible to throttle the speed at which an external vulnerability scan runs, ensuring that even high-traffic sites can be scanned without affecting their performance. You can also schedule external vulnerability scans to run at specific times of a day, week or month, or even define you own custom schedule. You also have the option of running scans on a continuous basis with Acunetix only running a quick scan every day of the week, with a full scan run once a week. This ensures that any new vulnerabilities that may have been introduced in-between full scans get picked up by Acunetix immediately.
Simple Vulnerability Management and Reporting
Another problem that Acunetix solves which many other external vulnerability scanners surley lack is the ability to produce great reports. After an external vulnerability scan is complete, Acunetix can instantly generate a wide variety of technical and regulatory and compliance reports such as PCI DSS, HIPAA, OWASP Top 10 and many others. Additionally, Acunetix also allows users to export discovered vulnerabilities to third party issue trackers such as Atlassian JIRA, GitHub, GitLab, Microsoft Team Foundation Server (TFS), Bugzilla, and Mantis. One of the biggest issues with conventional external vulnerability scanners is that they simply show a list of scan results. Acunetix takes a different approach in that once a vulnerability is found during a scan, it is automatically cataloged and assigned a status of Open. After the vulnerability gets fixed, Acunetix may be used to re-test the vulnerability to make sure it’s properly fixed, and then automatically marks it as Fixed. All information is available at a glance in the Acunetix Dashboard. With multi-user, multi-role capabilities of Acunetix, users can only see what they’re meant to.Frequently asked questions
An external vulnerability scan, also called a perimeter scan, is a type of vulnerability scan that is performed from outside the host/network. Such a scan emulates the behavior of a potential external attacker. It focuses on finding vulnerabilities in assets that are exposed by design and on finding assets or information that should not be exposed externally.
Network and web attacks can be performed both externally and internally. However, most companies are more worried about external attackers than insider risks. Therefore, most companies perceive external vulnerability scanning as more important. However, internal assets must also be secured because they are often used for privilege escalation.
Read how an external SQL Injection attack may lead to internal system compromise.
In the case of web vulnerability scanning, you can expose internal assets to an external vulnerability scanner. In the case of network scanning, it is more difficult because the purpose of a network scanner is to check service exposure. Therefore it is more optimal to use an on-premises scanner for internal network scans.
Learn how to configure Acunetix to scan internal web assets.
With Acunetix Online and Acunetix on-premises, you can perform web vulnerability scans and network scans, both external and internal. In Acunetix Online, network scanning is configured as soon as you log in. In the case of Acunetix on-premises, you need to install OpenVAS and provide its listening address and port to Acunetix.
Learn how to enable network scanning in Acunetix on-premises.
Recommended reading
Learn more about prominent vulnerabilities, keep up with recent product updates, and catch the latest news from Acunetix.



“We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.”
Kurt Zanzi, Xerox CA-MMIS Information Securtiy Office, Xerox