Network security issues are still the cause of many data breaches. This makes perimeter network vulnerability scanning one of the baseline vulnerability assessment exercises any organization should routinely subject itself to. Perimeter network vulnerability tests help make sure that no network devices, web servers or other public-facing network assets are susceptible to trivially exploitable vulnerabilities.
During a network vulnerability scan, an automated network vulnerability scanner checks for potential attacker entry points. Such a tool attempts to identify all network devices on your network and all network services exposed by these devices. Then, it checks if those services expose vulnerabilities, for example, old and vulnerable software versions.
Network vulnerability scanning looks for network services that should not be exposed and vulnerable versions of hardware and software. Web vulnerability scanning looks for vulnerabilities in web services that are exposed by definition and for errors introduced by web developers. The two types of scans are quite different.
Most businesses are migrating to the cloud so there are fewer network exposure points. Therefore, we believe that network scanning is now less important than web scanning. In the case of web technologies, you need network scanning primarily if you host your own web servers at your premises, not in the cloud. However, to be safe, you should regularly perform both types of scans.
Acunetix is a specialized web vulnerability scanner, the pioneer of such technology. Network scanning in Acunetix is done with the help of another pioneer and leader, OpenVAS. Therefore, with Acunetix, you get two best-in-genre products working together using a single interface. You cannot get that from competing products, which are network scanners with limited-capability web vulnerability scanning add-ons.
First of all, thank you for reading my question, I really appreciate it! I am trying to integrate Jenkins and Acunetix (a vulnerability scanner software), but it seems to be near impossible... My situation is as follows:
There are two machines, a Debian 9 machine [DEB] and a Win10 machine [WIN]. In [WIN] I installed Acunetix v11 and Jenkins in [DEB], and I configured Acunetix to be accessible from outside (following this tutorial: -acunetix-host-localhost/). After that, I followed another tutorial ( -acunetix-root-certificate-another-computer/) to connect Jenkins with Acunetix. I managed to access the Acunetix web page from [DEB] via web (no issues in network or configuration in that sense).
However, I could not connect to Acunetix from Jenkins despite the fact that I followed every single step explained on the Acunetix web page. I got this error: "Please add the Acunetix scanner certificate to Java CA store" when I tested the connection from Jenkins (obviously, the Acunetix plugin is installed in Jenkins). I checked that the certificate obtained from the Acunetix installation (in [WIN]), "ca.cer", was correctly added to the keystore of [DEB]. Then, I made a custom keystore to be used by Jenkins (as explained in this other tutorial: -us/articles/203821254-How-to-install-a-new-SSL-certificate-) and I got the same result... At that time, I thought that maybe something was wrong in [DEB], so I used another Windows 10 machine [WIN2] to repeat the process... and I got the same result... The Acunetix certificate was also included in the OS apart from the Java keystore in all cases.
We've configured the plugin properly (we're able to invoke Acunetix from Jenkins, although we're having issues getting the report copied into the Jenkins workspace). The issue he might have run into is that you might have more than one JRE installed, and you have to register the certificate in the keystore of the JRE that Jenkins is using (you can check which one is being used by Jenkins by looking at the "" tag in the jenkins.xml config file).
Network vulnerability tests should be an integral part of every cybersecurity policy. To check the security of your network services and network devices, you need a dedicated network scanner. Other types of scanning tools, such as web application vulnerability scanners, are not built to detect network security risks. When you introduce a new security tool into the business environment, it may make it more complex to manage your IT security. Luckily, you can find tools that combine a network vulnerability scanner with a web application vulnerability scanner. However, most such tools focus strongly on one area only and cannot provide full security coverage. Acunetix goes beyond what other products can offer by combining the best of both worlds: the best web vulnerability scanner engine, the best network security scanner engine, and a leading-edge vulnerability assessment and vulnerability management solution that works with both of these engines.
Network security scanning means analyzing a network structure and seeing what services are available on the network. Once a network scanner knows the structure and the services, it checks if these services use outdated, vulnerable software. A network scanner may be integrated with a web scanner.
Network scanning consists of three stages. First, a network scanner finds all accessible addresses on the network (network structure). Then, it finds all the open ports for each of those addresses. Finally, it checks every port for vulnerabilities in the software behind it.
You should do both. However, if your website or web application is hosted in the cloud and you did not open any ports manually, there is very little chance that you will find any network vulnerabilities. On the other hand, there is a big chance that you will find web vulnerabilities.
Several times now a developer on our side has reported to us from monitoring tools he manages that people have scanned our critical applications with a freely available Web Application Vulnerability scanner from Acunetix.
"About blocking the attack: I don't know exactly what edition was used to scan your website. Some of our editions send the following header with each request: Acunetix-Scanning-agreement:Third Party Scanning PROHIBITED. Check if you can see this header and block based on that. However, if they are using a Consultant edition, this header is not sent."
Please let me know if, based on this information, you can create for us a method by which to finger print and (dynamically) filter traffic from this scanner in the future. Our current countermeasure - waking up our network engineers and having them manually add the source IP of the scanner (which varies with each attack) - is time consuming...
The entire session should be blocked, not just a few packets, unless the remaining packets are part of a different session. Also, from your original post it seems like the patterns don't appear in the session in all the editions of their product. Can you confirm from a packet capture that the patterns (either a header or URI) are indeed present in the session?
You can build a custom vulnerability or app signature to identify this traffic. To match on patterns in http request headers, you can use the http-req-headers context, and for matching patterns in URL you can use http-req-uri-path context.
The result was this: Palo Alto firewall noticed the signature present in the first couple of packets and, so, blocked those packets. Subsequent packets (from the same source IP), which lacked these signatures, were not identified as part of the banned application and were allowed through.
The session vs. transaction option only matters when you have multiple conditions in the signature and you want all of those to be within a single transaction, as opposed to allowing them to occur across transactions in a session. Have you taken a packet capture of the session to check if the patterns are indeed exactly the same as you used in the signature?
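The per-request versus per-session distinction discussed above, modelled as an added example (not code from the thread, Acunetix or Palo Alto) over constructed requests carrying the header quoted by Acunetix support:

```python
# Added example: detect Acunetix scan traffic by its self-identifying header
# and compare stateless (per-request) matching with session-level blocking.
# Sample requests and IPs below are constructed, not a real capture.

# Header that some Acunetix editions send, per the support reply above.
SCANNER_HEADER = "acunetix-scanning-agreement"
SCANNER_VALUE = "third party scanning prohibited"


def parse_request_headers(raw: str) -> dict:
    """Map lower-cased header names to values from raw HTTP request text."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def is_scanner_request(raw: str) -> bool:
    """True only when the header is present. False is not proof of benign
    traffic: the Consultant edition omits the header entirely."""
    value = parse_request_headers(raw).get(SCANNER_HEADER, "")
    return value.lower() == SCANNER_VALUE


def per_transaction(src_ip: str, raw: str) -> str:
    """Stateless matching: judges each request on its own, so header-less
    follow-up requests from the same source slip through (the behaviour
    reported in the thread)."""
    return "block" if is_scanner_request(raw) else "allow"


class SessionBlocker:
    """Stateful matching: once a source sends the header, every later
    request from that source is blocked for the rest of the session."""

    def __init__(self) -> None:
        self.flagged = set()

    def decide(self, src_ip: str, raw: str) -> str:
        if src_ip in self.flagged or is_scanner_request(raw):
            self.flagged.add(src_ip)
            return "block"
        return "allow"


# Constructed sample traffic.
REQ_WITH_HEADER = ("GET /login HTTP/1.1\r\nHost: app.example\r\n"
                   "Acunetix-Scanning-agreement:Third Party Scanning PROHIBITED\r\n\r\n")
REQ_NO_HEADER = "GET /login?user=a HTTP/1.1\r\nHost: app.example\r\n\r\n"
```

In a real deployment the session key would be the firewall's flow tuple rather than a bare source IP, and a matching URI pattern would need to come from an actual packet capture, as the reply asks.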
Pardon me for the late reply, please; yes, we took a packet capture and have uploaded this capture to our ticket (ticket #: 00149001). Please let me know if this will suffice for now, or if there is anything else we can provide you with in helping us develop a filter to test against this scanner.
I can schedule daily, weekly or monthly scans of targets which checks for vulnerabilities in our cloud infrastructure from one control panel. The ability to send different types of reports to various parties, for example a 'Board level' report or 'Developer' report is handy for tailoring content to the audience.
It perhaps could be improved by adding a section for commenting on how a vulnerability was fixed and a link to a relevant URL to confirm this. Pricing is good for a small amount of targets, but quickly becomes expensive for multiple target locations.
Good tool for web application pentesting; it can give you insight into present vulnerabilities. Would recommend using it in tandem with an infrastructure scanner (like Nessus) to create a complete testing solution. Also, the presence of continuous scanning and a scheduler can be used for regular security assessment of your web applications.
Ease of use, good customer support, very insightful reports (especially the Developer report), good vulnerability management. Also, the continuous scanning option is an interesting thing for having continuous security awareness of your vulnerability level. Also, the login sequence recorder is an awesome tool.
Not a lot of scan options to configure, especially in comparison to Nessus. Every check is done by default; you can't choose specifically which test is done in a selected scan, only the type of scan (full, high-risk vulnerabilities, XSS, SQLi, weak passwords, crawl only) or the technology in which the scanned web app is written.