Reviewing scan results and imported vulnerabilities

After a scan is completed, you can view both a Scan Summary and a Technical Report of the scan's findings, which display information about the number, severity, and types of vulnerabilities detected, their potential impact, and where they exist on the site.

For further information, see Integrating Acunetix 360 With an Issue Tracking System and Vulnerability Severity Levels.

Vulnerability Families

Vulnerability Families is a feature that enables Acunetix 360 to avoid reporting similar vulnerabilities in the same URL. Similar vulnerabilities are arranged into groups called 'families'. (Previously, for example, Error-based, Blind and Boolean-based SQL injections in the same URL would have been counted as separate occurrences and therefore reported as separate vulnerabilities.)

In a family, vulnerabilities are prioritized based on their exploitability. If an endpoint is vulnerable to several similar variants of the same vulnerability, only the most relevant and most easily exploited one will be reported. This makes scan reports simpler, more accurate and more relevant.
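The following added example illustrates the family idea described above on constructed scan output; it is not Acunetix 360's own code. The family table, the exploitability ranks and the finding field names (`url`, `type`) are assumptions made for the illustration.

```python
from collections import defaultdict

# Assumed family membership and exploitability ranks (higher = easier to
# exploit). These values are constructed for illustration only.
FAMILIES = {
    "Error-based SQL Injection": ("SQL Injection", 3),
    "Boolean-based SQL Injection": ("SQL Injection", 2),
    "Blind SQL Injection": ("SQL Injection", 1),
}


def collapse_families(findings):
    """Keep one finding per (URL, family): the one ranked most exploitable.

    A finding type with no known family is treated as its own
    single-member family, so other finding types never suppress it.
    """
    best = {}                       # (url, family) -> (rank, finding)
    suppressed = defaultdict(list)  # (url, family) -> types not reported
    for f in findings:
        family, rank = FAMILIES.get(f["type"], (f["type"], 0))
        key = (f["url"], family)
        current = best.get(key)
        if current is None or rank > current[0]:
            if current is not None:
                suppressed[key].append(current[1]["type"])
            best[key] = (rank, f)
        else:
            suppressed[key].append(f["type"])
    # Record what was folded in, so the reviewer can still see it.
    return [{**f, "family": key[1], "also_detected": sorted(suppressed[key])}
            for key, (_, f) in best.items()]


# Constructed sample scan output.
SAMPLE = [
    {"url": "https://example.test/item.php", "type": "Blind SQL Injection"},
    {"url": "https://example.test/item.php", "type": "Error-based SQL Injection"},
    {"url": "https://example.test/item.php", "type": "Boolean-based SQL Injection"},
    {"url": "https://example.test/login.php", "type": "Blind SQL Injection"},
    {"url": "https://example.test/item.php", "type": "Cross-site Scripting"},
]

if __name__ == "__main__":
    for row in collapse_families(SAMPLE):
        print(row["url"], "|", row["type"], "| also:", row["also_detected"])
```

Keeping the suppressed variants in `also_detected` matters when verifying a fix: a patch that only removes the error output can leave the blind variant in place.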

How to review scan results and imported vulnerabilities

If the vulnerability has already been automatically created in your issue tracking system (because it meets the criteria configured in Configuring Endpoint Integration), the issue number will be displayed. The grouping of each vulnerability into a family is an automatic process and does not impact your review of scan results.

Once you have configured the integration, a new Send To button is added to every reported vulnerability listed in the scan results. This enables you to send the vulnerability to any of the integrated projects.

You can view the details saved in your issue tracking system by clicking on the issue number.

Sending vulnerabilities manually to an issue tracking system

Not every vulnerability is created in your issue tracking system, because not every vulnerability will meet the configured criteria. You can send multiple vulnerabilities manually to your issue tracking system.

NOTE: If you send an issue that has already been sent by someone else, or created automatically, Acunetix 360 will not create a duplicate entry in your issue tracking system.

How to send vulnerabilities manually to an issue tracking system

  1. Select Scans > Recent Scans from the left-side menu.
  2. Next to the relevant scan, click Report on the right-hand side of the page.
  3. Scroll down to the Technical Report section and select an issue in the Issues panel that you want to send.
  4. Click Send To, and from the dropdown, select the relevant project.
  5. Once the issue is imported into your issue tracking system, you will be notified by Acunetix 360. The notification will include the issue number.

A confirmation that a vulnerability was successfully sent to JIRA

How to send multiple vulnerabilities manually to an issue tracking system

  1. Select Issues > To Do from the left-side menu.
  2. Check the checkbox next to each issue you want to send.
  3. Click Send To, then select the relevant issue tracker project from the drop-down.
  4. The issues are imported into your issue tracking system.

For more information on managing issues in Acunetix 360, refer to Viewing Issues in Acunetix 360.

Tracking and logs of issues sent to issue tracking systems

When a vulnerability is sent to your issue tracking system, Acunetix 360 creates a record in the History section of the issue's details page. To access the History log, select the issue title from the Issues page, then scroll down to the bottom of the page.

 
