Acunetix has refreshed its online web and network vulnerability scanner, Acunetix Online, with a massive update. The new Acunetix Online now incorporates all the features found in its on premise offering, Acunetix On Premise. With a brand new simpler than ever user interface, integrated vulnerability management and integration with popular Web Application Firewalls (WAFs) and Issue Tracking systems, this is by far the biggest Acunetix Online release since it’s introduction.
Simpler, Cleaner User Interface
Acunetix Online’s new user interface has been re-designed from the ground-up to bring it inline with Acunetix On Premise. The Acunetix Online user interface has been simplified whilst being made more useful by focusing on the product’s core functionality by introducing filtering options, and improving manageability of Targets. Features include:
- Targets, Scans, Vulnerabilities and Reports can all be filtered to find exactly what you are looking for quickly.
- Excluded Hours, Excluded Paths, custom User Agent strings, client certificates and many more configuration options previously only available to Acunetix On Premise customers are now also available in Acunetix Online.
- Test complex web applications by pre-seeding crawls using a list of URLs, Acunetix Sniffer Log, Fiddler SAZ files, Burp Suite saved and state files, and HTTP Archive (HAR) files.
- Vulnerabilities across all Targets are displayed in one view.
- Vulnerabilities can be filtered by Target, Business Criticality, Vulnerability, Vulnerability Status and CVSS score.
- Vulnerability can be grouped by Target Business Criticality and Vulnerability Severity.
The enhanced Acunetix Online Dashboard provides all necessary information in one place to help manage and track security vulnerabilities
Easier, more effective Target and Vulnerability management
Business Criticality, a user-defined metric to determine how important a Target is to the business’ function, can now be assigned to Targets. This enables you to easily prioritize vulnerability remediation based on business criticality.
Out-of-the-box Issue Tracker and WAF integration simplifies vulnerability remediation
Acunetix Online now supports one-click issue creation in Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS), allowing development teams to better keep track of vulnerabilities in their issue tracking systems -- All without leaving the Acunetix Online interface!
Vulnerabilities can now be exported to WAFs (F5 Big-IP ASM, Fortinet FortiWeb and Imperva SecureSphere), allowing users to implement virtual patches to critical vulnerabilities in the WAF, until a fix addressing the vulnerability is deployed to the web application. Scan results can now also be exported to the Acunetix generic XML for integration with other WAFs or 3rd party systems.
Mark Vulnerabilities As Fixed Or False Positives
Acunetix Online not provides the ability to mark vulnerabilities as False Positive, Fixed or Ignored. This means that users can now get rid of false positives from upcoming scans and reports.
To make vulnerability management more useful, Acunetix Online will now label reoccurring vulnerabilities as Rediscovered. You may choose to accept a vulnerability’s risk by marking the vulnerability as Ignored.
Custom Scan Types
Scan Types are a logical grouping of tests that test for specific classes of vulnerabilities. Of course, Acunetix Online comes bundled with commonly used default Scan Types, however, Acunetix Online now even create your own Scan Types. A great example of a Custom Scan Type is to scan Targets for a recently discovered vulnerability.
In addition to generating reports for an individual scan, Acunetix Online now allows you to generate reports on:
- Individual or multiple Scans
- Individual or multiple Targets
- Individual, multiple or all the Vulnerabilities identified by Acunetix.
There is also the introduction of a Scan Comparison report which highlights the differences between 2 scans, allowing the user to easily identify the new vulnerabilities in the latest scans, or the vulnerabilities that have not been detected, which could mean that they are fixed. Reports are now available in both PDF and HTML.
Network Security Scanning
Acunetix Online provides a comprehensive perimeter network security scanning service by integrating with the latest OpenVAS network vulnerability scanning engine (v9). This means that Acunetix Online can now detect in excess of 50,000 perimeter network vulnerabilities.
Added Functionality For Acunetix Integrators
Acunetix Online now also has a new powerful RESTful API that may be used by system integrators. The API is able to provide up-to-the-minute status of on-going scans together with information on vulnerabilities identified for these scans.