Types of Acunetix reports
The following is a list of the report templates that are available and can be generated from the Targets, Scans, Vulnerabilities, or Reports pages in Acunetix. The format of each report, the details included, and the grouping used in the report are determined by the report template.
Standard Reports
After selecting a target on the Targets or Scans page, click Generate Report, then select your desired report. The following reports are available:
Affected Items Report
The Affected Items report shows the files and locations where vulnerabilities have been detected during a scan. The report shows the severity of the vulnerability detected, together with other details about how the vulnerability has been detected.
Comprehensive Report
The Comprehensive Report takes the information available in the Developer Report, and presents it in a more concise format, adding a leading graphical section with statistical data. For each vulnerability, each HTTP request made to the target is accompanied by the HTTP response received.
Comprehensive Report - HTML Format vs PDF Format
Developer Report
The Developer Report is targeted to developers who need to work on the website in order to address the vulnerabilities discovered by Acunetix. The report provides information on the files that have a long response time, a list of external links, email addresses, client scripts, and external hosts, together with remediation examples and best practice recommendations for fixing the vulnerabilities.
Executive Summary Report
The Executive Summary Report summarizes the vulnerabilities detected in a website and gives a clear overview of the severity level of vulnerabilities found in the website.
Quick Report
The Quick Report provides a detailed listing of all the vulnerabilities discovered during the scan.
SCA Report
The Runtime SCA report contains information about the out-of-date technologies detected on the target and the other versions available for each technology.
Comparing Scans
The Scan Comparison report lets you compare two scans on the same Target, highlighting the differences between them. This option is available only when two scans for the same Target are selected.
Compliance Reports
In Acunetix Premium, compliance reports are available for the following compliance bodies and standards:
CWE Top 25 Most Dangerous Software Weaknesses
This report shows a list of vulnerabilities detected in your target that are listed in the CWE Top 25 Most Dangerous Software Weaknesses. These errors are often easy to find and exploit and are dangerous because they often allow attackers to take over the website or steal data. More information can be found at http://cwe.mitre.org/top25/.
DISA STIG Web Security
The Security Technical Implementation Guide (STIG) is a configuration guide for computer software and hardware defined by the Defense Information Systems Agency (DISA), which is part of the United States Department of Defense. This report identifies vulnerabilities that violate sections of STIG and groups the vulnerabilities by the sections of the STIG guide which are being violated.
HIPAA (The Health Insurance Portability and Accountability Act)
Part of the HIPAA Act defines the policies, procedures, and guidelines for maintaining the privacy and security of individually identifiable health information. This report identifies the vulnerabilities that might be infringing these policies. The vulnerabilities are grouped by the sections as defined in the HIPAA Act.
International Standard – ISO 27001
ISO 27001, part of the ISO / IEC 27000 family of standards, formally specifies a management system intended to bring information security under explicit management control. This report identifies vulnerabilities that might violate the standard and groups the vulnerabilities by the sections defined in the standard.
NIST Special Publication 800-53
NIST Special Publication 800-53 covers the recommended security controls for Federal Information Systems and Organizations. Once again, the vulnerabilities identified during a scan are grouped by the categories as defined in the publication.
OWASP Top 10 (2013, 2017, 2021)
The Open Web Application Security Project (OWASP) is a web security project led by an international community of corporations, educational institutions, and security researchers. OWASP is renowned for its work in web security, specifically its list of the top 10 web security risks to avoid. This report shows which of the detected vulnerabilities are found on the OWASP list.
Payment Card Industry (PCI) standards (3.2, 4.0)
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that applies to organizations that handle credit cardholder information. This report identifies vulnerabilities that might breach parts of the standard and groups the vulnerabilities by the requirement that has been violated. The PCI DSS 4.0 report is the latest version. Reports for the previous version, PCI DSS 3.2, also remain valid until the end of March 2024.
Sarbanes-Oxley Act
The Sarbanes-Oxley Act was enacted to prevent fraudulent financial activities by corporations and top management. This report lists vulnerabilities that are detected during a scan that might lead to a breach of sections of the Act.
Web Application Security Consortium (WASC) Threat Classification
The Web Application Security Consortium (WASC) is a non-profit organization made up of an international group of security experts, which has created a threat classification system for web vulnerabilities. This report groups the vulnerabilities identified on your site using the WASC threat classification system.