Before Using Acunetix 360

The most important thing that you need to know before using Acunetix 360 is that you must not scan a website without proper authorization from the owner. Scanning a website without this authorization is against the law. Acunetix 360 is not responsible for such actions and cannot be held responsible for potential damage to the target website.

What You Need to Know Before Launching a Web Security Scan

Acunetix 360 is a web application security scanner that uses the Proof of Exploit feature to attack web applications in order to automatically detect vulnerabilities such as XSS and SQL Injection. This means that the Acunetix 360 scanner has to identify all attack surfaces on the website. To do so, the crawler will navigate through the entire website and submit every form, including comment forms, email contact forms, delete buttons and all other types of inputs it finds in the target web application.

Preventing Acunetix 360 from Testing Certain Pages

To prevent Acunetix 360 from crawling and testing certain parts or pages of your web applications, you must specify them in the Exclude URLs with RegEx option in the Scope tab of Scan Options.

A web security scan consists of two phases: the crawling phase where the crawler browses the entire web application to identify all attack surfaces, and the scanning phase where the scanner starts attacking the website. During both phases, the scanner will send a large number of HTTP requests to the target website. Should the web security scan affect the performance of your website, you can decrease the number of concurrent connections in the Scan Policy.

For further information, see Excluding Parts of a Website From a Scan, Excluding File Types From a Scan and Excluding Parameters from a Scan.
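Before pasting patterns into Exclude URLs with RegEx, it helps to dry-run them against a list of known URLs. The following is an added example, not Acunetix 360 code: the patterns, URLs and host are constructed, and it assumes unanchored, case-insensitive matching using Python's `re` module as a stand-in, so confirm the behaviour against the scanner's own regex handling.

```python
import re

# Constructed exclusion patterns (assumptions, not Acunetix 360 defaults).
EXCLUDE_PATTERNS = [
    r"/contact(/|$|\?)",
    r"[?&]action=(delete|purge)\b",
    r"/logout",
]

# Constructed URL inventory, e.g. taken from a sitemap of a staging site.
SAMPLE_URLS = [
    "https://staging.example.test/contact",
    "https://staging.example.test/contact-preferences",
    "https://staging.example.test/admin/users?action=purge",
    "https://staging.example.test/admin/users/remove/7",
    "https://staging.example.test/Logout",
    "https://staging.example.test/blog/post?id=3",
]

# Heuristic: words that hint at state-changing or mail-sending endpoints.
RISKY_HINT = re.compile(r"(delete|remove|purge|logout|contact|unsubscribe)", re.I)

def compile_patterns(patterns):
    """Compile each pattern; raise ValueError naming the broken one."""
    compiled = []
    for p in patterns:
        try:
            compiled.append(re.compile(p, re.I))
        except re.error as exc:
            raise ValueError(f"invalid exclusion pattern {p!r}: {exc}") from exc
    return compiled

def classify(urls, patterns):
    """Return (excluded, in_scope, review); review = in scope but risky-looking."""
    compiled = compile_patterns(patterns)
    excluded, in_scope, review = [], [], []
    for url in urls:
        if any(rx.search(url) for rx in compiled):
            excluded.append(url)
        else:
            in_scope.append(url)
            if RISKY_HINT.search(url):
                review.append(url)
    return excluded, in_scope, review

if __name__ == "__main__":
    for label, group in zip(("EXCLUDED", "IN SCOPE", "REVIEW"), classify(SAMPLE_URLS, EXCLUDE_PATTERNS)):
        print(label, *group, sep="\n  ")
```

The REVIEW list shows URLs the patterns miss but that still look state-changing, such as `/contact-preferences` and `/admin/users/remove/7` here, so the exclusions can be tightened before the scan is launched.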

Recommended Practice

The Acunetix 360 scanner is designed to run non-destructive web application security scans. However, we still recommend that you launch a web application security scan against pre-production websites when possible, especially at the start. Once you get used to Acunetix 360, and discover the correct configuration for scanning your web applications, you will be more confident scanning an actual production website.

Acunetix Support and Documentation

Professional support is available to all customers and trial users. If you need help, refer to our support documentation or submit a ticket through our Help Center.

 
