Glossary
In this glossary, you can find an explanation of commonly used terms in Acunetix 360.
Account Owner
This is the user that has all the permissions in an Acunetix 360 account.
Addressed Issue
This is an issue that has been addressed and whose state has been updated.
Agent
Scan Agent: This lets you scan your website. The agent will conduct the actual scan job and then report the results back to Acunetix 360. For further information, see Installing Internal Agents.
Authentication Verifier Agent: This carries out the form authentication so that you can run an authenticated scan in your network. For further information, see Installing Authentication Verifier Agents in Acunetix 360.
Agent Mode
This displays whether the agent is scanning or an authentication verifier agent.
Application and Service Discovery
This service enables you to become aware of an enterprise's online assets, web applications, and services.
Authentication Profiles
This lets you save a custom script for form authentication in Acunetix360 and use it many times for different websites. When configured, Acunetix360 uses this custom script to authenticate itself against the target website. For further information, see Authentication Profiles.
Bi-directional Integration (2-way sync)
This is an integration method that helps Acunetix360 and an issue tracker system to synchronize issues between the applications. For further information, see Integrations.
Certainty percentage
This is the likelihood of that vulnerability being present.
Classification
Acunetix 360 classifies vulnerabilities in various standards like CWE, CVSS, PCI, and HIPAA.
Confirmation
This indicates that Acunetix 360 is 100% certain about an issue identified. Acunetix 360 verifies vulnerabilities by exploiting them in a read-only and safe manner.
Incremental Scan
This allows scanning of newly introduced and amended pages since the initial scan. Acunetix 360 also checks whether the vulnerabilities identified previously still exist.
Issue
This is a vulnerability identified by Acunetix 360.
Link
This is an HTTP Request for Acunetix 360. This can be a web page, submit button at the end of a form, or AJAX requests.
Link Pool
This is the pool where Acunetix 360 collects all links while crawling the web application or website. Acunetix 360 also uses this link pool to attack these links to identify vulnerabilities.
Acumonitor
This lets Acunetix 360 detect out-of-band vulnerabilities. For further information, see Installing AcuMonitor Internally.
Acusensor
This adds interactive security scanning (IAST) capabilities to Acunetix 360. For further information, see Deploying AcuSensor in Acunetix 360.
Notification
This lets you and your users be informed immediately about the status of a web application security scan or when specific vulnerabilities are detected by it. For further information, see Notifications.
Proof of Concept
Proof of Concept is the actual exploit that proves that the vulnerability exists. For example, after exploiting cross-site scripting (XSS) vulnerability, Acunetix 360 will report the payload that was used to inject code. Apart from providing evidence of the vulnerability, a proof of concept can also help developers isolate the exact issue that made exploitation possible.
Proof of Exploit
A proof of exploit is used to report the data that can be extracted from the vulnerable target once the vulnerability is exploited, demonstrating the impact an exploited vulnerability can have and proving that it is not a false positive.
Acunetix 360 scanners can generate proof when they identify the following vulnerability types:
- SQL Injection
- Boolean SQL Injection
- Blind SQL Injection
- Remote File Inclusion (RFI)
- Command Injection
- Blind Command Injection
- XML External Entity (XXE) Injection
- Remote Code Evaluation
- Local File Inclusion (LFI)
- Server-side Template Injection
- Remote Code Execution
- Injection via Local File Inclusion
Report Policy
This is a list of reporting settings for web security scan results and reports. For further information, see Overview of Report Policies.
Resource Finder
This is a feature of Acunetix 360 that checks files and folders that can lead to security risks even when they are not linked in the web application. These files, for example, can be admin, login, or backups.
Retest
This allows the scanning of the vulnerable pages after the fix.
Role
This allows you to determine what kind of responsibilities a team member has within Acunetix 360. For further information, see Managing Roles in Acunetix 360.
Severity
This shows the importance of vulnerability identified.
Scheduled Scans
This lets you schedule scans in advance. You can schedule full, incremental, and group scans. For further information, see Scheduling Scans.
Scan Groups
This lets Acunetix 360 create a scan group based on your scan configuration although these scans are related to the same host/domain name. So, you can view relevant dashboards, issue trends, etc. based on the scan group you selected. For further information, see Scan Groups in Acunetix 360.
Scan Policy
This is a list of web application security scan settings. When you want to run a Scan, you attach it to a Scan Policy. For further information, see Overview of Scan Policies.
Scan Policy Optimizer
This is a built-in wizard that helps you narrow down the security checks that will be run against your web application. Thanks to the optimizer, you can tweak the scanner to only run, for instance, Apache-related security checks while ignoring ISS-related checks. For further information, see Scan Policy Optimizer.
Scan Profile
This lets you save scan settings for future scans. Scan Profiles can be reconfigured at any time. For further information, see Scan Profiles.
Scan Scope
This allows you to define which parts of the target web application should be crawled. For further information, see Scan Scope.
Target URL
This is the target URL of the website, including the path.
Technical Contact
This is the person who is responsible for the website or vulnerability.
Trend Matrix
This provides correlated, trending data about the status of those vulnerabilities identified in your web application across several scans. For further information, see Trend Matrix Report.
Website
A website is defined in Acunetix 360 as a fully qualified domain name (FQDN). An FQDN is the complete domain name for a specific target and consists of two parts: the hostname and the domain name.
The below examples are considered to be 1 website as they share the same FQDN.
http://example.com
https://example.com
http://www.example.com
http://www.example.com/test
Subdomains and ports share the same FQDN but are considered to be different websites. For example:
http://example.com
http://test.example.com
http://example.com:81
http://api.example.com
Website Groups
Acunetix 360 lets you group websites to ease the management of multiple websites and scans. Grouping websites also is important for the multiple team feature in Acunetix 360 as you can assign a team or members only to website groups. For further information, see Website Groups in Acunetix 360.
Vulnerability Database
This is the database Acunetix 360 rests on to report known technologies, their versions, and their vulnerabilities. The database is periodically updated.