Default scan profiles
What are scan profiles?
Scan profiles are a collection of pre-configured tests to check your web application for vulnerabilities. When launching a scan, you select a scan profile to run against the Target. A variety of scan profiles are included by default that are designed to meet the requirements of application security specialists. You may either use the default scan profiles or tailor checks based on your needs by creating custom scan profiles to suit your particular requirements. A single Target can be scanned multiple times using several different scan profiles.
Default scan profiles
Default scan profiles are a logical grouping of tests that test for specific classes of vulnerabilities such as SQL injection or Cross-Site Scripting tests which you can use to reduce the scope of the tests the scanner will run during the scan.
These are the built-in scan profiles:
- Full Scan: Uses the full scan profile to launch a scan using all the checks available in Acunetix. This profile provides the most comprehensive coverage of vulnerabilities.
- Critical / High Risk: Only checks for the most dangerous web vulnerabilities, such as Cross-site Scripting, SQL Injection, File Inclusion, and more. The checks included in the Critical / High Risk scan profile are dynamically generated with each release to add the latest critical and high severity checks.
- Critical / High / Medium Risk: Only checks for web vulnerabilities that put the site at critical and high risk of being hacked, and medium risk server misconfigurations and site-coding flaws. The checks included in the Critical, High, and Medium Risks are dynamically generated with each release to add the latest critical, high, and medium severity checks.
- Cross-site Scripting: Only checks for Cross-site Scripting vulnerabilities. This scan profile is dynamically generated, meaning that it is updated with each release to add the latest checks.
- SQL Injection: Only checks for SQL Injection vulnerabilities. This scan profile is dynamically generated, meaning that it is updated with each release to add the latest checks.
- Weak Passwords: This scan profile identifies forms that accept a username and password. It will attack these forms to identify vulnerabilities.
- Crawl Only: Only crawls the site and builds the structure of the site without running any vulnerability checks.
- Full Web and Network Scan: This includes all the web vulnerability checks that Acunetix supports and all the network security checks that Acunetix supports via the OpenVAS engine. For a list of all web checks, refer to Web Application Vulnerabilities. For a list of all network checks, refer to Network Security Checks.
- OWASP Top 10: Only checks for the most critical security risks to web applications as defined by the OWASP Top 10.
- Network Scan: Uses the OpenVAS engine inside your network to scan network services that are not available from the outside but still may be subject to internal threats.
- PCI checks: Identifies vulnerabilities that do not comply with Payment Card Industry (PCI) data security standards.
- Sans Top 25: Only checks for the top 25 most dangerous software errors of the Common Weakness Enumeration (CWE) list.