Utilizing Predictive Risk Scoring
Predictive Risk Scoring in Acunetix Premium and Acunetix Premium+ helps you prioritize your web assets prior to scanning by giving an indication of how likely each website is to have vulnerabilities. This guide shows you how to use Predictive Risk Scoring to order and filter your discovered web assets based on their Risk Score, so you can focus on scanning and fixing your most vulnerable websites first.
TIP: For more information about Predictive Risk Scoring and how it works, refer to Introduction to Predictive Risk Scoring.
PREREQUISITES for Acunetix On-Premises:
How to enable or disable Predictive Risk Scoring
To start using Predictive Risk Scoring, you first need to ensure that the feature is enabled in the Discovery Settings by following the steps below:
- Log in to Acunetix.
- Select Discovery > Settings from the left-side menu.
- Select (to enable) or deselect (to disable) the checkbox next to Enable Risk Scoring.
- Click Save.
How to use Predictive Risk Scoring
Predictive Risk Scoring runs in the background as part of Web Asset Discovery. Risk Scores are displayed on the Discovery page for each of your discovered web assets. Filtering and sorting your discovered web assets according to their Risk Score allows you to easily determine which sites to scan immediately and which sites can be scanned next.
How to view Risk Scores
- Select Discovery from the Acunetix main menu.
- The Discovery page displays a table with details of each web asset that has been detected by Acunetix.
TIP: You can adjust the Discovery Settings to specify which domains, IP addresses, and organization names are included or excluded in your Discovery results. For more information, refer to Adjusting Discovery Settings, Inclusions, and Exclusions.
- The second column in the table displays the Risk Score for each web asset. The possible risk scores are:
- Critical: The site is predicted to have at least one critical severity vulnerability.
- High: The site is predicted to have at least one high severity vulnerability.
- Medium: The site is predicted to have at least one medium severity vulnerability.
- Low: The site is predicted to have at least one low severity vulnerability.
- Undetermined: Acunetix was unable to calculate a risk score for the site.
- Temporarily Unavailable: A risk score cannot be calculated at this time. Check back later.
- Scoring queued: The risk score will be calculated soon and will update its state once complete.
- Loading: The risk score is currently being calculated and will be displayed shortly.
TIP: When you create a target from a discovered web asset and scan that target, the risk score information on the Discovery page updates to show the date and time of the most recent scan of that target/web asset.
How to filter by Risk Score
- Click in the Filter box above the Discovery results table.
- Select Risk Score from the drop-down menu.
- Select a risk score from the available options that appear. Your web asset discovery results are now displayed according to the filter you specified.
NOTE: You can only filter by one risk score at a time.
- To clear your filter settings, click the X in the Filter box.
How to sort by Risk Score
- In the Discovery results table heading bar, hover your cursor to the right of the Risk Score heading and click the arrow that appears.
- Your web asset discovery results are now displayed in ascending or descending priority order (depending on the direction of the arrow), with critical as the highest priority risk score.
How to refresh Risk Score results
- Use the checkboxes on the left of the Discovery results table to select the web assets whose Risk Score you want to refresh.
- Click Refresh Risk. This sends a new request to calculate the risk score prediction.
- Reload the Discovery page to view the refreshed risk score.
How to create Targets for scanning
After using the Risk Score information to identify your most vulnerable web assets, you can create Targets for those web assets to immediately start scanning them for vulnerabilities. (For more information about Targets, refer to What is a Target?)
- On the Discovery page, use the checkboxes on the left of the table to select the web assets for which you want to create Targets.
- Click Create Target.
- Add a Description for each new Target.
- If applicable, use the checkboxes in the Target Group Assignment section to assign your new Targets to a particular Target Group.
- Click Save.
Your newly created Targets are now displayed on the Targets page.
If you now return to the Discovery page, the Target Created column populates with the date and time when the Target was created for the listed web assets.
Subsequently, when you scan a Target that was created from the Discovery page, the Risk Score on the Discovery page changes to show the highest vulnerability found during the scan.
Further resources
For more information about scanning Targets, refer to the following documentation: