Acunetix Support

Product Articles

Get a detailed overview of product functionality

Product Releases

Stay up to date on what's new with Acunetix

Support Videos

Are you a visual learner? Check out our support videos

Introduction

Introduction to Acunetix

A quick overview of Acunetix

Logging in to Acunetix

Navigation in Acunetix

Installation (On-Premises)

Installing Acunetix on Windows or Linux

Installing Acunetix via Command Line

Installing Acunetix for Docker

Installing Network Scanning

Installing Acunetix Multi-Engine

Installing Malware Scanning

Installing Malware Scanning on Windows

Installing Malware Scanning on Linux

Updating

Updating to the latest Acunetix On-Premises build

Updating an Acunetix Docker container

Resetting the master password

Allowlisting requirement for agents

Discovery

Web Asset Discovery

Introduction to Discovery

Getting Started with Discovery

Adjusting Discovery Settings, Inclusions, and Exclusions

Target creation from Web Asset Discovery

Predictive Risk Scoring

Introduction to Predictive Risk Scoring

Utilizing Predictive Risk Scoring

Targets

What is a Target?

Adding Targets

Target Groups

Retrieving the target_id for a specific Target

Configuring Target Settings

Configuring Targets

Target Settings - Proxy Server

Target Settings – Site Login (scan restricted areas)

Converting Selenium Scripts to Acunetix LSR Files

Target Settings – AcuSensor

Target Settings - Crawling Options

User Agent String

Case Sensitive Paths

Limit Crawling to Address and Sub-directories Only

Excluded Paths

Adding paths via Import Files / API Definitions

Target Settings - HTTP Options

HTTP Authentication

Client Certificate

Target Settings - Advanced Options

Custom Headers

Custom Cookies

Issue Tracker Integration

Allowed Hosts

Knowledge Base

Excluded Hours

Scanning Engine

Debug Scans

AcuSensor

Introduction to deploying AcuSensor

AcuSensor Bridge

Downloading the AcuSensor Agent using the Acunetix API

Locating IAST AcuSensor logs

AcuSensor for PHP

Deploying AcuSensor for PHP

Deploying AcuSensor for PHP - Docker

Deploying AcuSensor for PHP - AWS Elastic Beanstalk

AcuSensor for .NET

Deploying AcuSensor for .NET - Supported Scenarios

Deploying AcuSensor for ASP .NET

Deploying AcuSensor for ASP .NET Core

Deploying AcuSensor for .NET - AWS Elastic Beanstalk

AcuSensor for JAVA

Installing the AcuSensor Agent for Java websites

Deploying the AcuSensor Agent for Java - Tomcat (Windows/Linux/Docker)

Deploying the AcuSensor Agent for Java - Docker (Spring Boot)

Deploying AcuSensor for Java - Windows/Linux (JBOSS 7.4 Standalone + WAR File)

Deploying AcuSensor for Java - Windows/Linux (Jetty 10.0.10 + WAR File)

Deploying AcuSensor for Java - Windows/Linux (Wildfly 26.1.1 Final Standalone + WAR File)

Deploying AcuSensor for JAVA – Linux (WebSphere Liberty 19.0.0.9+ with WAR file)

Scanning an Application in AWS Elastic Beanstalk (Tomcat + WAR File)

AcuSensor for Node.js

Deploying AcuSensor for Node.js

Deploying AcuSensor for Node.js - Docker

Deploying AcuSensor for Node.js - AWS Elastic Beanstalk

API Security

Introduction

API types and specification formats

API Discovery

API Discovery Overview

Introduction to API Discovery Sources

Getting Started with Zero Configuration API Discovery

Installing the Invicti Network Traffic Analyzer

Network Traffic Analyzer: Tap Plugin FAQs

Integrating with Apigee API hub

Integrating with Amazon API Gateway

Integrating with MuleSoft Anypoint Exchange (Acunetix Online)

Integrating with MuleSoft Anypoint Exchange (Acunetix On-Premises)

Managing your API Inventory

Linking and unlinking discovered APIs to targets

Scans

Types of scans

Launching a new scan

Instant scans

Future scans

Recurrent scans

Incremental scans

Continuous scanning

Malware scanning

Working with scans

Interacting with a scan in progress

Reviewing scan results

Runtime SCA Findings

Reducing scan times

Scan statuses

Scans and network errors

Changing the maximum duration of a scan (Acunetix On-Premises)

Scan data retention and scan archiving

How Acunetix approaches FIPS

Vulnerabilities

Vulnerability severity levels

Managing and prioritizing vulnerabilities

Viewing vulnerability details

Changing a vulnerability status

Retesting vulnerabilities

Reports

Generating reports

Types of Acunetix reports

Scan Profiles

Default Scan Profiles

Custom Scan Profiles

WAFs

Configuring Web Application Firewalls

Exporting Scan Results to WAFs - Introduction

Import Scan Results into Amazon AWS Web Application Firewall

Import Scan Results into F5 Big-IP ASM

Import Scan Results into Imperva SecureSphere

Import Scan Results into Fortinet FortiWeb

Import Scan Results into Citrix Web App Firewall

Excluded Hours

Configuring Excluded Hours

Agents

Introduction to internal site scanning

Managing internal agents

Installing internal agents

Installing internal agents on Windows

Installing internal agents using Docker

Installing internal agents with proxy settings

LSR/BLR for internal agents

Introduction to the Acunetix standalone Login Sequence Recorder

Installing the Acunetix standalone Login Sequence Recorder

Recording a login sequence with the Acunetix standalone LSR

Editing an LSR file with the Acunetix standalone LSR

Using a login sequence with an internal target

Issue Trackers

Configuring Issue Tracker Integration - Overview

Integrating Acunetix with Azure DevOps Server (TFS)

Integrating Acunetix with Azure DevOps Services

Integrating Acunetix with BugZilla

Integrating Acunetix with Github

Integrating Acunetix with Gitlab

Integrating Acunetix with JIRA using HTTP Basic Token

Integrating Acunetix with JIRA using oAuth

Integrating Acunetix with Mantis

Configuring Continuous Integration & Deployment

Configuring CI/CD Integration - Overview

Integrating Acunetix with Azure DevOps Services for CI/CD

Integrating Acunetix with CircleCI for CI/CD

Integrating Acunetix with GitHub for CI/CD

Integrating Acunetix with GitLab for CI/CD

Integrating Acunetix with Jenkins for CI/CD

Settings

Configuring Settings in Acunetix Online

License management

Acunetix On-Premises Settings

Configuring General Settings

Email Settings

Proxy Settings

Configuring Network Scanning

Editing the Acunetix settings.xml file

Users & Access Management

Overview of users and roles in Acunetix

Adding and managing users

Managing account and access settings

Creating and managing roles

Assigning roles and target groups to users

Adding and managing user groups

Permissions in Acunetix

Single Sign-On

Single Sign-On Settings

Configuring Microsoft Active Directory Federation Services Integration with SAML

Configuring Microsoft Entra ID (Azure Active Directory) Integration with SAML

Configuring Google Single Sign-On Integration with SAML

Configuring Okta Single Sign-On Integration with SAML

Configuring SAML-based Single Sign-On Integration

Configuring OneLogin Secure Single Sign-On Integration with SAML

Configuring Ping Identity Single Sign-On Integration with SAML

Profile Settings

Managing your profile

Changing your email address

Changing the language of the user interface

Changing the time zone in Acunetix

Changing your password

Generating a new API key

Configuring Two-Factor Authentication (2FA)

Managing email notifications

Release Notes

Acunetix Standard & Premium Release Notes

Getting Started

Introduction

What is Acunetix 360?

Comparison Between Acunetix 360 (Online) and Acunetix 360 On-Premises Editions

Acunetix 360 Licensing

How Does Acunetix Licensing Work?

Before Using Acunetix 360

Quick Start Guide for Acunetix 360

Glossary

Installation

Acunetix 360 On-Demand

Excluding Acunetix 360 files from antivirus scans

Acunetix 360 On-Premises

Orientation

Logging in to Acunetix 360

Navigation in Acunetix 360

Using filters

Dashboards

Introduction to the Dashboards

Global Dashboard

Discovery

Web Asset Discovery

The Discovery Service - Introduction

Configuring the Discovery Service

Managing the Discovered Websites List

Configuring AWS Connections

Predictive Risk Scoring

Introduction to Predictive Risk Scoring

Utilizing Predictive Risk Scoring

Targets

What is a Target?

Targets Dashboard

Adding a Target

Importing Targets

Managing Targets

Verifying Target Ownership

What are Target Groups?

Creating and Managing Target Groups

Viewing and Filtering Target Groups

API Security

Introduction

API types and specification formats

Installing Invicti API Security for Acunetix 360 On-Premises

API Discovery

API Discovery Overview

Introduction to API Discovery Sources

Getting Started with Zero Configuration API Discovery

Installing the Invicti Network Traffic Analyzer

Network Traffic Analyzer: Tap Plugin FAQs

Integrating with Apigee API hub

Integrating with Amazon API Gateway

Integrating with MuleSoft Anypoint Exchange (Acunetix 360 On-Demand)

Integrating with MuleSoft Anypoint Exchange (Acunetix 360 On-Premises)

Managing your API Inventory

Linking and unlinking discovered APIs to targets

Scanning APIs

Overview of Scanning APIs

Scanning gRPC API Web Services

Scanning SOAP API Web Services

Scanning a RESTful API Web Service

Scanning a GraphQL API for vulnerabilities

Importing links and API definitions

Importing links from supported tools

Scans

Introduction to scanning

Web Application Security Scanning Flow

Scanning Production Environments

Stages of Scanning

Overview of Scanning

Launching scans

Creating a New Scan

Scheduling Scans

Setting up incremental scans

PCI DSS Scanning

Retrieving Mend SAST scan results

Scan Results

Recent Scans

Reviewing Scan Results and Imported Vulnerabilities

Viewing Mend SAST scan results in Acunetix 360

Viewing detected technologies

Working with scans

Managing scans

Excluding Parts of a Website from a Scan

Configuring Additional Websites

URL Rewrite Rules

Pre-Request Scripts

Using the business logic recorder

Scan Time Window

Scan Groups

Scan Profiles

Overview of Scan Profiles

Configuring scan profiles

Security Checks

Security Checks

WAF Identifier

GraphQL Library Detection

Identifying MongoDB injection vulnerabilities

BREACH Attack

Forced Browsing

Login Page Identifier

Malware Analyzer

Custom Scripts for Security Checks

Authentication

Overview of Authentication

Configuring and Verifying Form Authentication

Custom Scripts for Form Authentication

Authentication Profiles

Configuring Basic, Digest, NTLM/Kerberos and Negotiate Authentication

Configuring Client Certificate Authentication

Configuring OAuth2 Authentication

Configuring Header Authentication

Logout Problems

Logout Detection

Working With Scan Scopes

Scan Scope

Excluding File Types From a Scan

AcuSensor

Deploying AcuSensor in Acunetix 360 On-Demand

Deploying AcuSensor in Acunetix 360 On-Premises

Configuring Acunetix 360 Bridge

How AcuSensor enriches vulnerability reports in Acunetix 360

AcuSensor for PHP

Deploying AcuSensor for PHP

Deploying AcuSensor for PHP – Docker

AcuSensor for .NET

Deploying AcuSensor for .NET – Supported Scenarios

Deploying AcuSensor for .NET in Acunetix 360 On-Demand

Deploying AcuSensor for .NET in Acunetix 360 On-Premises

Deploying the AcuSensor agent for .NET Core

AcuSensor for JAVA

Installing the AcuSensor agent for Java websites – Acunetix 360

Deploying the Acunetix 360 AcuSensor agent for Java – Tomcat (Windows/Linux/Docker)

Deploying the Acunetix 360 AcuSensor agent for Java – Docker (Spring Boot)

Deploying the Acunetix 360 AcuSensor for Java – Windows/Linux (JBOSS 7.4 Standalone + WAR File)

Deploying Acunetix 360 AcuSensor for Java – Windows/Linux (Jetty 10.0.10 + WAR File)

Deploying Acunetix 360 AcuSensor for Java – Windows/Linux (Wildfly 26.1.1 Final Standalone + WAR File)

Deploying Acunetix 360 AcuSensor for Java – Linux (WebSphere Liberty 19.0.0.9+ with WAR file)

Scanning an application in AWS Elastic Beanstalk (Tomcat + WAR file) – Acunetix 360

Deploying AcuSensor for Node.js in Acunetix 360

Deploying AcuSensor for Node.js – Docker in Acunetix 360

Running software composition analysis with AcuSensor in Acunetix 360

Reporting

Introduction to Reports

Overview of Reports

Working With Reports

Chart Reports

Editing vulnerabilities and assigning security standards

Troubleshooting Inconsistent Web Security Scan Results

Knowledge Base Nodes

Issues

Working With Issues

Managing Issues

Viewing Issues

Vulnerability Severity Levels

Exporting a Vulnerability to an Issue Tracking System

Assigning an Issue to Another Team Member

Disabling the Assigning of Issues to the Code Committer

Viewing the HTTP Request and Response of an Issue

Updating the Status of an Issue

Tagging in Acunetix 360

References

How Acunetix 360 approaches FIPS

Error messages in scan failures

Technologies

Technologies Dashboard

Viewing recent technologies

Technology notifications

Fingerprinting Libraries

Detecting the Log4j vulnerability

Policies

Scan Policies

Overview of Scan Policies

Scan Policy Editor

Configuring Scan Policies

Scanning Single Page Applications

Scanning Parameter-Based Navigation Websites

Scan Policy Optimizer

Excluding Parameters from a Scan

Configuring Predefined Web Form Values

How AcuMonitor Finds Vulnerabilities

Report Policies

Overview of Report Policies

Custom Report Policies

Notifications

Introduction to Notifications

Configuring the User Profile for Notifications

Creating notifications

Managing Notifications

Configuring Notifications to Report Vulnerabilities to an Issue Tracking System

Managing Notification Priorities

Previewing Notifications

Integrations

Introduction to Integrations

Integrating Acunetix 360 into Your Existing SDLC

What Systems Does Acunetix 360 Integrate With?

Integrating Acunetix 360 into Your Vulnerability Management System

Configuring Integrations

Configuring User Mappings

Issue Tracking Systems

Integrating Acunetix 360 with an Issue Tracking System

Integrating Acunetix 360 with Azure Boards

Integrating Acunetix 360 with Bitbucket

Integrating Acunetix 360 with Bugzilla

Integrating Acunetix 360 with DefectDojo

Integrating Acunetix 360 with FogBugz

Integrating Acunetix 360 with Freshservice

Integrating Acunetix 360 with GitHub

Integrating Acunetix 360 with GitLab Issues (Issue Tracking)

Integrating Acunetix 360 with Jazz Team Server

Integrating Acunetix 360 with Jira

Integrating Acunetix 360 with Kafka

Integrating Acunetix 360 with Kenna

Integrating Acunetix 360 with Invicti Standard

Integrating Acunetix 360 with PagerDuty

Integrating Acunetix 360 with Pivotal Tracker

Integrating Acunetix 360 with Redmine

Integrating Acunetix 360 with ServiceNow Incident Management

Integrating Acunetix 360 with Shortcut

Integrating Acunetix 360 with Splunk

Integrating Acunetix 360 with TFS

Integrating Acunetix 360 with Unfuddle

Integrating Acunetix 360 with YouTrack

Project Management

Integrating Acunetix 360 with Asana

Integrating Acunetix 360 with Trello

Continuous Integration Systems

Viewing Continuous Integration Information in the Status Window

Viewing Continuous Integration Information in the Issues Window

Integrating Acunetix 360 with Azure Pipelines

Integrating Acuentix 360 with the Bamboo Plugin

Integrating Acunetix 360 with CircleCI

Integrating Acunetix 360 with GitLab CI/CD

Integrating Acunetix 360 with UrbanCode Deploy

Integrating Acunetix 360 with GitHub Actions

Integrating Acunetix 360 with Jenkins

Integrating Acunetix 360 with the TeamCity Plugin

Integrating Acunetix 360 with Travis CI

Communication

Integrating Acunetix 360 with Mattermost

Integrating Acunetix 360 with Microsoft Teams

Integrating Acunetix 360 with Slack

Secrets and Encryption Management

Integrating Acunetix 360 with HashiCorp Vault

Integrating Acunetix 360 with CyberArk Vault

Integrating Acunetix 360 with Azure Key Vault

API

Integrating Acunetix 360 with Webhooks

Integrating Acunetix 360 with Zapier

Single Sign-On Providers

SAML Authentication Services

Configuring Azure Active Directory Integration with SAML

Configuring Google Single Sign-On Integration with SAML

Configuring Microsoft Active Directory Federation Services Integration with SAML

Configuring Okta Single Sign-On Integration with SAML

Configuring PingFederate Single Sign-On Integration with SAML

Configuring Pingidentity Single Sign-On Integration with SAML

Configuring SAML-Based Single Sign-On Integration

Troubleshooting SSO Issues

System for Cross-domain Identity Management

Configuring Azure Active Directory Integration with SCIM in Acunetix 360

Configuring Okta Integration with SCIM in Acunetix 360

Vulnerability Management

Integrating Acunetix 360 with ServiceNow Vulnerability Response (Plugin)

Integrating Acunetix 360 with ServiceNow Vulnerability Response using an integration script

Integrating Acunetix 360 with ServiceNow Application Vulnerability Response

Connections

Integrating Acunetix 360 with Mend SAST

Team Management

Introduction to Team Management

Overview of Team Management

Managing Team Members

Managing Roles

Managing Teams

User Permissions

Viewing Your Roles and Teams

General Settings – User roles and permissions

Configuring Roles

Team Administrator role

Team Administrator capabilities and assigning the role

Assigning roles to a specific Member

Assigning roles to a Team

Custom Team Administrator roles with setup examples

LDAP service

Configuring LDAP

Activity

Activity Logs

Agents

Scan Agents

Agents in Acunetix 360 On-Premises

Installing Internal Agents

Malware Analysis with ClamAV

Internal Agents

Installing a scanner agent via dockerization

Installing scanner agents using Docker (CLI)

Installing scanner agent via Kubernetes and OpenShift

Installing a Scan Agent on Linux (Debian Distribution)

Installing a Scan Agent on Linux (RedHat Distribution)

Internal agents version

Configuring internal agents for secrets management services

Troubleshooting agent issues

Authentication Verifier Agents

Managing Authentication Verifier Agents

Installing Authentication Verifier Agents

Installing Authentication Verifier Agent on Linux (Debian)

Installing Authentication Verifier Agent on Linux (RedHat)

Settings

Introduction to Settings

Overview of Settings

Configuring Settings

General Settings

User roles and permissions for General Settings

Security Settings

Email Settings

SMS Settings

Encryption Settings

Service Credentials Settings

Cloud Provider Settings

Authentication Verifier Settings

Licensing Settings

Configuring Login Warning Banner

Single Sign-On Settings

IP Restrictions Settings

Database Settings

Your Account

Account

Early Access

Settings and Password

API Overview

Two-factor Authentication

License

About

Release Notes

Acunetix 360 On-Demand Release Notes

Acunetix 360 On-Premises Release Notes

Setup and Installation HowTos

Can different users have different languages for the Web Interface?

Can I enable debug logging for all targets?

Can I upgrade my existing installation to one which supports Simplified Chinese?

Getting Comfortable with Acunetix APIs

How to backup files from previous versions of Acunetix WVS

How to setup a login sequence in Acunetix WVS

How to switch Acunetix UI to Simplified Chinese

Migrating Acunetix On-Premises to Another Server

Targets

Can I scan a Flash site for Vulnerabilities?

What is the difference between Site Login and HTTP Authentication?

Which API description languages does Acunetix support?

Scanning Websites

Are scans for the Target stopped or paused during excluded hours?

Can I alter the Scan or Target Settings during a scan?

Can I pause a scan?

Can I restart my machine when a scan is paused?

Configuring Acunetix to exclude scanning a portion of website

Configuring Acunetix to include only specific portions of a website

Do Acunetix Scans Damage Web Applications?

Does Acunetix detect if a Target website is behind a web application firewall?

How can I be sure that Acunetix has crawled my entire website?

How can I detect malware and phishing URLs using Acunetix?

How do I avoid getting blocked by my hosting provider when running an Acunetix scan?

How do I configure scan speed in Acunetix?

How does Acunetix perform an automated scan and detect vulnerabilities?

How long can a scan remain in a paused state?

How long does a scan take to complete?

How to Block Automated Scanners from Scanning your Site

How to Obtain the Acunetix Manual Pen Testing Tools

My scan seems to be stuck...

Should I scan a website through a web application firewall?

Which malware scanners are used by Acunetix malware scanning?

Why is my scan showing as queued?

Vulnerabilities

Log4j FAQ

What is the proof of exploit in the Acunetix vulnerability alert?

What is the vulnerability confidence rating and why is it important?

Why does Acunetix highlight parts of the HTTP response in a vulnerability?

How to check for the latest vulnerabilities added to Acunetix

Troubleshooting and Error Queries

How can I prevent a scan from causing an email flood?

How Response Time Affects a Scan’s Performance

I get a warning icon in the Status column of a scan. Where can I find more information on the warning?

Negative Impacts of Automated Vulnerability Scanners and How to Prevent them

Why does Acunetix indicate 'connection was terminated by host’ in the error log?

User Account Queries

How to create Scan Targets per customer

Other Generic FAQs

Can I re-use the AcuSensor file on multiple Targets?

Does Acunetix integrate with Jenkins?

Does AcuSensor require a password?

How can I integrate Acunetix with another third-party application?

Integrating Acunetix in your Jenkins Pipeline

Is there a limit on the number of scans that can be done using Acunetix?

What is AcuMonitor, and which vulnerabilities does it help detect?

What is the difference between Fixed, Ignored and False Positive?

What vulnerability classifications does Acunetix use?

Which web application vulnerabilities does Acunetix Scan for?

Why are the Trend Charts in the Dashboard not showing any data?

Acunetix 360 Specific

Integrations, Reporting, and Governance

Acunetix On Premises specific

Configuring a Logon Banner message

How do I use Acunetix on a host other than localhost?

How do I install the Acunetix Root Certificate on another computer?

How do I enable logging for a scan?

Import Files – Pre-Request Scripts

How to enable Email Notifications in Acunetix On Premises

Security Configuration Guide for Acunetix Standard and Premium On-Premises

Why do I get a Security Warning in Firefox when I use Acunetix?

What can I do if I find an error or a problem with Acunetix?

Where are Acunetix files stored?

Acunetix Online specific

Acunetix Online cannot connect to my Scan Target

After purchasing a license for Acunetix Online, what do I do next?

I am using Acunetix Online. Do I need to download anything?

Registration and Evaluation of Acunetix Online

When I renew my Acunetix Online Subscription next year, can I change my scan targets?

Which Network Vulnerabilities does Acunetix scan for?

Which Trojans and Backdoors does Acunetix scan for?

Featured Support Videos

View all Support Videos

Acunetix Premium Dashboard First Steps with Acunetix

Acunetix Premium Demo

Watch this Acunetix Premium demo video that takes you on a tour of the tool. Get an overview of its powerful features, such as the macro recorders, the AcuSensor IAST component, a stack of integrations, and more..

Acunetix Premium Scans and Vulnerabilities Analyzing Results

Acunetix Premium Scans and Vulnerabilities Analyzing Results

Watch this video to see how to analyze the results of a scan in Acunetix Premium. Learn how to filter your results and how to interpret information.

Acunetix Premium Targets Setting Up and Launching a Scan

Acunetix Premium Targets Setting Up and Launching a Scan

Watch this video to see how to set up and launch a scan in Acunetix Premium. Learn how to select scan targets and customize scans.

View all Support Videos

Featured Product Articles

View all Featured Product Articles

Why Are Some Vulnerabilities Marked as Verified?

Starting from Acunetix Version 12 (build 12.0.190325161), Acunetix marks some...

Migrating Acunetix On-Premise to Another Server

This article explains the steps that you should take to migrate Acunetix On-Premise to another...

Step by Step Configuration of Acunetix with Jenkins

Acunetix offers out-of-the-box integration with Jenkins CI. The setup procedure requires the...

View all Featured Product Articles