Data Encryption, Storage, and Retention

This article explains how Acunetix 360 encrypts and stores data and shows you how to configure the retention period for raw scan files and scan data.

Encryption and data storage

Acunetix 360 On-Premises

Acunetix 360 On-Premises encrypts and decrypts sensitive data by using AES encryption. For encryption, Acunetix 360 uses a secret key that is randomly generated during a new installation (since v2.2). You are prompted to download and store your secret key during installation, as you cannot access this key again in Acunetix 360 On-Premises. For more information, including how to generate a new secret key, refer to Encryption Settings.

Acunetix 360 On-Demand

Acunetix 360 On-Demand utilizes the following security measures:

  • Data transfers, data at rest, and backups are encrypted with TLS 1.2, SSL certificates and 256-bit AES.
  • Secure data disposal procedures, including but not limited to using secure erase commands, degaussing, and crypto shredding of data when required. Acunetix 360’s procedures follow industry standards, such as NIST 800-88 or ISO 27001 recommendations.
  • User account passwords are stored as salted hash values as defined in RFC 2898. PBKDF2 with HMAC-SHA256 is used as the hashing algorithm, and the salt length is 128 bits.
  • AWS S3 buckets use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
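
The password-storage scheme named in the list above (PBKDF2 with HMAC-SHA256 and a 128-bit salt), shown as an added example; this is not Acunetix 360's own code. The iteration count, derived-key length, iteration cap and `scheme$iterations$salt$hash` record format are assumptions, since the page states only the algorithm and the salt length.

```python
import base64
import hashlib
import hmac
import secrets

SALT_BYTES = 16             # 128-bit salt, as stated on the page
DKLEN = 32                  # assumption: 256-bit derived key
ITERATIONS = 600_000        # assumption: work factor, tune to your hardware
MAX_ITERATIONS = 5_000_000  # assumption: refuse records that would stall the verifier


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$hash."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh CSPRNG salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return "$".join(["pbkdf2-sha256", str(iterations), _b64(salt), _b64(dk)])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored parameters; malformed records fail closed."""
    try:
        scheme, iters, salt_b64, dk_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
    except ValueError:  # wrong field count, non-integer count, or bad base64
        return False
    if scheme != "pbkdf2-sha256" or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    if len(salt) != SALT_BYTES or len(expected) != DKLEN:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    """True when a record was created with a lower work factor than the current target."""
    try:
        return int(record.split("$")[1]) < target
    except (IndexError, ValueError):
        return True
```

Storing the iteration count inside each record lets the work factor be raised later: verify against the stored parameters, then re-hash at the next successful login when `needs_rehash` returns true.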

Retention policies

One of the ways to control accumulated data in Acunetix 360 is to set an expiry date for data. There are two different retention policies in Acunetix 360:

  • Raw scan files created by the Agent
      • Deletion of this information does not affect future scheduled scans or the reports displayed in the web application.
      • Deletion of this information implies that you will no longer be able to download scan data via the UI, but the reports, reported vulnerabilities, and ancillary information will still be shown.
  • Scan data related to a scan
      • Deletion of this data will remove any data related to the scan from the web application database and from the Agent machine.
      • Reports, reported vulnerabilities, and indeed any information related to the scan will no longer be available.

How to configure data retention for raw scan files or scan data

  1. Select Settings > General from the left-side menu.

  2. In the Data Retention Settings section, enable the checkbox next to:
      • Configure retention period for raw scan files
      • Configure retention period for scan data

     This will expose the slider control to specify the desired retention period.

  3. Click and drag the slider to adjust the retention period(s) according to your preference.

  4. Click Save at the bottom of the page.

The data retention period you specified is now set.

