Enabling Acunetix Online Services in Acunetix On-Premises

THIS DOCUMENT IS FOR:

  • Acunetix On-Premises

Acunetix Online Services includes Runtime Software Composition Analysis (Runtime SCA), AcuMonitor, and Malicious Link Detection. You must ensure that Acunetix Online Services are enabled for your Acunetix On-Premises installation before SCA analysis, out-of-band vulnerability detection through AcuMonitor, and malicious link detection can occur for your scanned targets.

This document explains how to enable Acunetix Online Services for Acunetix On-Premises.

How to enable Acunetix Online Services

  1. Click your user name in the top-left of the Acunetix On-Premises user interface, then select Profile.

  1. Scroll down to the Online Services section of the Profile page.
  2. Ensure the toggle next to Enable Acunetix Online Services is set to Yes.

  1. Click Save changes at the bottom of the page if necessary.

Scanning for vulnerable software components - SCA

Software Composition Analysis (SCA) is an important part of application security testing. Today's web applications deliver rich functionality through the use of multiple open-source components. Like all software, open-source components are subject to vulnerabilities, and each component will have a development path typically tracked with version numbers. The SCA checks the versions of components in the web application and identifying old and vulnerable ones.is the process of analyzing an application’s source code.

The Runtime SCA feature queries the Runtime SCA service, which is part of the Acunetix Online Services. In addition to enabling Acunetix Online Services, you also need to have the AcuSensor agent installed on your server. For more information, refer to Introduction to deploying AcuSensor.

When an application is scanned with Acunetix, the AcuSensor agent deployed to the application analyzes it, creates an inventory of components being used, and submits the inventory to the SCA server for comparison. The SCA server then responds to Acunetix if it finds any components with known vulnerabilities.

When reviewing the scan results, the SCA findings can be identified as 'vulnerable package dependencies' in the vulnerabilities list. Expanding the discovered vulnerability provides a detailed description of the vulnerable package. If multiple vulnerable packages of the same severity level are found, a detailed description will be shown for each vulnerable package.

 

« Back to the Acunetix Support Page