Guide to Acunetix 360 Basics

Contents
Step 01 Learning the Basics
    Web Application Security Scanning Flow
Step 02 Installation
    Acunetix 360 On-Premises
    Acunetix 360 Online
Step 03 Setting Up Your Team & User Permissions
Step 04 Adding Target Website Applications
    Verifying Ownership
Step 05 Launching a Scan
    Using the Default Settings
    Using Customized Settings
Step 06 Reviewing Scan Results
    What Is Going on During Scanning?
    What Information is Available Following the Scan?
    What Should I Do with Detected Issues?
Step 07 Creating A Scan Report
    Why Do We Need Reports?
Support
1 LEARNING THE BASICS

Welcome to Acunetix!

Web security might seem like a daunting concept, but with Acunetix 360, you can start scanning target web applications immediately.

Acunetix 360 is an automated, yet configurable, web application security scanner. It enables you to scan websites, web applications and web services in order to detect vulnerabilities and other issues that may be useful to malicious attackers. It also is designed to become a part of your complete cybersecurity environment and integrate with many other solutions.

ACUNETIX 360 LEADER IN ACCURACY
Acunetix 360 is one of the leaders in terms of accuracy and employs several different techniques aimed at reducing false positives. Acunetix 360 provides a Proof of Exploit, meaning that you can avoid wasting time on manual verifications. This enables you to spend time fixing vulnerabilities instead.

A COMPLETE WEB SECURITY SOLUTION
Acunetix 360 is available Online or On-Premises. It allows you to scan multiple websites at the same time, provides dashboards that deliver an overview of the security state of your web applications, and lots of features to help you to scan websites, manage issues and run reports.

WEB APPLICATION SECURITY SCANNING FLOW
1. Knowing your web application
2. Preparing and configuring scans
3. Scanning your web applications
4. Reviewing and comparing scan results with previous scans
5. Fixing issues
6. Retesting fixed issues
7. Generating reports

Helpful links for further information:
- What is Acunetix 360? (https://www.acunetix.com/support/docs/a360/getting-started/what-is-acunetix-360/)
- Web Application Security Scanning Flow (https://www.acunetix.com/support/docs/a360/getting-started/web-application-security-scanning-flow/)
2 INSTALLATION

Now that you know how Acunetix 360 works, here is a quick look into the deployment differences between Acunetix 360 On-Premises and Acunetix 360 Online.

ACUNETIX 360 ON-PREMISES
Acunetix 360 On-Premises is an edition that you install on your own infrastructure. The typical motivation behind this choice is to keep all the resulting data stored in-house.

For more details regarding the installation steps, start with Installing and Configuring Acunetix 360 On-Premises (https://www.acunetix.com/support/docs/a360/getting-started/installing-and-configuring-acunetix-360-on-premises/).

Once the installation is complete, you can log in using the credentials created during the installation.

ACUNETIX 360 ONLINE
Acunetix 360 Online is a cloud-based web application security scanner. As soon as your license is activated, you will receive an invitation email. Simply click on the link in the invitation email to create your credentials, and then log in.

SYSTEM REQUIREMENTS
A complete installation of Acunetix 360 has 4 components, with the following recommended requirements:

Acunetix 360 Application Server
• Windows Server 2019 with IIS role and .NET Framework 4.7.2
• 2GHz Processor or faster
• 8Gb RAM or more
• 20Gb Disk space or more

Acunetix 360 Agent
• Windows Server 2019 with .NET Framework 4.7.2
• 2GHz Processor or faster
• 4Gb RAM or more
• 5Gb Disk space or more

Acunetix 360 Authentication Verifier
• Windows Server 2012 R2 with .NET Framework 4.7.2
• 2GHz Processor or faster
• 4Gb RAM or more
• 5Gb Disk space or more

Database Server
• Microsoft SQL Server 2012 or later
• 2GHz Processor or faster
• 4Gb RAM or more
• 6Gb Disk space or more
3 SETTING UP YOUR TEAM & USER PERMISSIONS

Now that you have logged in to your Acunetix account, let's look at how to set up your team and user permissions.

ADMINISTRATIVE ACCESS REQUIRED
Management of Teams and User Permissions is restricted to Administrator-level users only.

Setting up user permissions at the beginning means that the relevant users will have access to the relevant features. They can get started detecting and fixing vulnerabilities immediately.

1. To set up your team, go to Managing Team Members in Acunetix 360 (https://www.acunetix.com/support/docs/a360/team-management/managing-team-members-in-acunetix-360/).
2. For each team member, you also need to Configure User Permissions in Acunetix 360 (https://www.acunetix.com/support/docs/a360/team-management/configuring-user-permissions-in-acunetix-360/). The User Permissions Matrix in Acunetix 360 (https://www.acunetix.com/support/docs/a360/team-management/user-permissions-matrix-in-acunetix-360/) will help you understand what each permission enables users to do.

USERS WITH ADMINISTRATOR PERMISSIONS CAN CREATE AND MANAGE TEAMS
4 ADDING TARGET WEBSITE APPLICATIONS

Now that you have set up your team and user permissions, it is important to understand how to add a target website. Adding your target website before launching a scan is a necessary step so that Acunetix knows which sites you would like to scan.

Important Licensing Information
1. Acunetix 360 licensing revolves around the number of targets that you enter into the system. Once a domain name has been scanned, it counts towards your license; you cannot switch out a site that has already been scanned for a different site you need to scan.
2. Remember to delete any domain names added during your Acunetix 360 trial.
3. Keep in mind that you can change your domain names only once a year.

Acunetix 360 Online users need to verify the ownership of this website prior to scanning. If you have multiple websites to scan, you can contact the Acunetix support team to whitelist your account. This will enable you to scan all your websites without ownership verification.

Adding A Website
1. Click Website, then New Website
2. Complete the Name, URL and other information.
3. Click SAVE

VERIFYING OWNERSHIP
You can Verify Ownership of a Website by HTML File Upload, Meta Tag Verification, TXT Records in DNS Verification or Email Verification. You can do this in the Manage Websites window. Complete the relevant fields. Follow the instructions in Verifying Website Ownership (https://www.acunetix.com/support/docs/a360/getting-started/verifying-website-ownership-in-acunetix-360/).

We recommend that you act responsibly and make sure that you are authorised to scan the website first. Remember that during the scan your website will be attacked. See Do Acunetix Scans Damage Web Applications? (https://www.acunetix.com/support/docs/faqs/do-acunetix-scans-damage-web-applications/)
5 LAUNCHING A SCAN

Your target websites are all set up and you are ready to launch a scan. There are two ways to do this. You can either use the default settings, or you can configure them for an optimized and faster scan.

USING THE DEFAULT SETTINGS
Acunetix 360 is an easy to use, automated web application security scanner. It provides many default configurations including: Default Scan Policy with built-in Security Checks, Report Policy, Maximum Scan Duration, Scan Scope, Heuristic URL Rewrite Mode, and Notifications. This makes it easy to get started quickly. To understand the scan settings in detail, start with Creating a New Scan (https://www.acunetix.com/support/docs/a360/scans/creating-a-new-scan/).

SCAN DURATION
Remember that scan duration may vary depending on the size of the web application and the security checks enabled in the Scan Policy you’ve selected.

USING CUSTOMIZED SETTINGS
Authentication and Scope settings are very important for a web application scan. If you enter the proper configurations, Acunetix 360 will fine tune itself automatically. However, in some cases, you may want to consider customizing scans by configuring further scan settings.

For example, many web applications have sections reserved only for authorized (signed-in) users. In these cases, you can configure various authentication methods, to make sure Acunetix 360 has access to those sections, and can conduct scanning there too. See Types of Scans (https://www.acunetix.com/support/docs/a360/scans/overview-of-scanning/) for more scanning options.

[Figure: scan option categories General, Scope, Additional Websites, Imported Links, URL Rewrite, Scan Time Window, PCI Scan; authentication options Form; Basic, NTLM/Kerberos; Header; OAuth2]

To understand each setting and how to configure it, see Acunetix 360 Scan Options Fields (https://www.acunetix.com/support/docs/a360/scans/creating-a-new-scan/).

CUSTOM SCAN PROFILES
If you decide to configure some or all of these options in Acunetix 360, you can save your configuration as a Scan Profile (see Overview of Scan Profiles, https://www.acunetix.com/support/docs/a360/scans/overview-of-scan-profiles/) to reuse it for future scans. Saved Scan Profiles are available by clicking the gear icon.
6 REVIEWING SCAN RESULTS

Now that you’ve launched your scan, you are ready to review the scan results. Reviewing scan results in the Issues and Dashboard windows is important for several reasons.

In the Issues window, you can see a list of each individual issue and where it was found. You can find out about the varying types of findings detected on your scanned websites, not just the vulnerabilities. Some of these include information that may be useful to attackers.

1. Learn vulnerability severity levels
2. Gain an overview of the security state
3. Check the scan summary and impacts
4. Review the issues and remedies
5. Fix the vulnerabilities and retest
6. Update the status of the issues

In this section, you will learn how we categorise detected vulnerabilities, how to interpret ongoing and completed scan results, and what to do once you have fixed an issue.

First, read up on Vulnerability Severity Levels (https://www.acunetix.com/support/docs/a360/issues/vulnerability-severity-levels/), so you can understand how we categorise detected vulnerabilities in scan results (by severity). This will help you prioritize which ones to tackle first.

WHAT IS GOING ON DURING SCANNING?
● Acunetix 360 is crawling and attacking discovered pages.
● Start with Viewing the Scan Summary Dashboard in Acunetix 360 (https://www.acunetix.com/support/docs/a360/getting-started/introduction-to-the-dashboards/) to see the discovered issues during scanning.
WHAT INFORMATION IS AVAILABLE FOLLOWING THE SCAN?
You can view the dashboards again; or you can gain an overview of the security state of all your web applications by Viewing the Global Dashboard in Acunetix 360 (https://www.acunetix.com/support/docs/a360/getting-started/introduction-to-the-dashboards/); or you can get a detailed view of all issues found by Viewing Issues in Acunetix 360 (https://www.acunetix.com/support/docs/a360/issues/viewing-issues-in-acunetix-360/).

[Figure: Severity Trend chart by date, with series Critical, High, Medium, Low, Information, Best Practice]

THE GLOBAL DASHBOARD PROVIDES YOU AN OVERVIEW OF THE SECURITY STATE

WHAT SHOULD I DO WITH DETECTED ISSUES?
● First, have a look at Managing Issues (https://www.acunetix.com/support/docs/a360/issues/viewing-issues-in-acunetix-360/).
● Next, move on to Fixing a Vulnerability and Updating the Status of an Issue in Acunetix 360 (https://www.acunetix.com/support/docs/a360/issues/updating-the-status-of-an-issue-in-acunetix-360/).
7 CREATING A SCAN REPORT

Now that you have reviewed your scan results, you can create various types of reports. Reporting is the last stage of the Web Application Security Scanning Flow and an important one, because it gives different users and departments all the information they need to take care of in their areas of responsibility.

WHY DO WE NEED REPORTS?
Managers need security reports that cover basic information on discovered issues and possible impacts. Developers require more detailed information in order to begin fixing detected vulnerabilities.

In addition to Reviewing Scan Results (https://www.acunetix.com/support/docs/a360/scans/reviewing-scan-results-and-imported-vulnerabilities/) you can also generate a Detailed Scan Report (https://www.acunetix.com/support/docs/a360/reports/built-in-reports/).

Acunetix 360 allows you to generate PCI compliance reports, approved by an ASV (Approved Scanning Vendor).

● Built in Reports (https://www.acunetix.com/support/docs/a360/reports/built-in-reports/) - Including generic Trend and Status security reports
● Report Templates (https://www.acunetix.com/support/docs/a360/reports/report-templates/) - For generating and downloading reports, including compliance reports
● Statistical Reports (https://www.acunetix.com/support/docs/a360/reports/generating-and-viewing-statistical-reports-in-acunetix-360/)

For further information see Why Do We Need Reports? (https://www.acunetix.com/support/docs/a360/reports/overview-of-reports/)

REPORTS HELP YOU MEET COMPLIANCE REGULATIONS SUCH AS ISO 27001, HIPAA AND PCI.
Integration with Desktop Tools
Acunetix and Netsparker are sister brands owned by Invicti Security. This relationship brings an additional entitlement; Acunetix 360 users also get a license to use Netsparker Standard.

Integration between Acunetix 360 and Netsparker Standard allows any scanning data compiled by Netsparker Standard to be imported into Acunetix 360; this additional data will be combined and used with the other data inside Acunetix 360.

Integration with DevOps, SDLC, and Other Systems
Acunetix 360 is a complete web application security solution that integrates with your existing environments, such as issue trackers, vulnerability management systems, and CI/CD platforms. This allows you to fully incorporate web app security into your Software Development Life Cycle (SDLC).

Acunetix 360 provides integration features for a very wide range of related tools and services in the following areas:
● Issue Tracking
● Project Management
● Continuous Integration
● Continuous Development
● Communications
● APIs
● Single Sign-On Providers
● Web Application Firewalls

For a more complete list of the available integrations, check out What Systems Does Acunetix 360 Integrate With? (https://www.acunetix.com/support/docs/a360/integrations/what-systems-does-acunetix-360-integrate-with/)

SUPPORT
If you need help with anything mentioned in this guide, contact support@acunetix.com.
ABOUT ACUNETIX
Acunetix is a global web security leader. As the first company to build a fully dedicated and fully automated web vulnerability scanner, Acunetix carries unparalleled experience in the field. The Acunetix web vulnerability scanning platform has been recognized as a leading solution multiple times. It is also trusted by customers from the most demanding sectors including many Fortune 500 companies.

Our mission is to provide you with a trustworthy web security solution that protects all your assets, aligns with all your policies, and fits perfectly into your development lifecycle. The Acunetix platform frees up your security team resources. It can detect vulnerabilities that other technologies would miss because it combines the best of dynamic and static scanning technologies and uses a separate monitoring agent. It is your platform of choice for comprehensive web vulnerability assessment and vulnerability management.

WHERE TO FIND US
Stay up to date with the latest web security news.
Website. www.acunetix.com
Acunetix Web Security Blog. www.acunetix.com/blog
Facebook. www.facebook.com/acunetix
Twitter. www.twitter.com/acunetix

CONTACT INFORMATION
Acunetix (Europe and ROW)
Tel. +44 (0) 330 202 0190
Fax. +44 (0) 30 202 0191
Email. sales@acunetix.com

Acunetix (USA)
Tel. (+1) 737 241 8773
Fax. (+1) 737 600 8810
Email. salesusa@acunetix.com