Acunetix
  • 2 Minutes to read
  • PDF

Acunetix

  • PDF

Article Summary

Introduction


Acunetix 360 is a web vulnerability assessment solution for the enterprise. This integration allows SAFE to pull the vulnerability assessment results of the configured web applications at pre-configured time intervals (1 to 30 days). Additionally, users can also trigger the on-demand pull of scan results of the web applications on SAFE.

Users can configure the Acunetix 360 from the SAFE Hooks > Assessment Tools using API URL, User ID, Token, and Auto-Sync Frequency.

Acunetix API Integration


Prerequisites

To configure Acunetix, you need the following details:

  1. API URL: The tenable instance URL the user uses to login into Acunetix
  2. Acunetix User ID: The user ID used should have administration credentials
  3. Acunetix Token: The token generated should be from the administration credentials
  4. SSL Certificate
    1. In the case of a CA-Signed SSL Certificate, check the verify SSL certificate check box.
    2. In the case of a Self-Signed SSL certificate, provide Acunetix Certificate Fingerprint (SHA-256).

Configure Acunetix

To configure Acunetix:

  1. Navigate to Administration > Assessment Tools > Acunetix.
  2. Click the Configure button available on the Acunetix card.
  3. Enter the Acunetix API URL, User ID, Token, and Auto-Sync Frequency.
  4. Verify the SSL Certificate or enter the Acunetix Server Certificate Fingerprint (if a self-signed certificate is used).
  5. Click the Test Connection button.
  6. Once the connection is verified, click Save Configuration.
  7. Enable the Acunetix toggle switch.

Acunetix 1

Info

Once the configuration is saved, users can click the Get Data button to discover the assets and import their VA assessment results. Once discovery is completed, the system displays the count of newly discovered assets. All the newly discovered assets will be added under the Unconfirmed Assets in the Manage Assets page. These assets should be confirmed as Web application assets, and in the subsequent data pull, the VA scan results are mapped against them.

Note

SAFE uses the IP address of the assets as matching criteria to import vulnerabilities.

Acunetix Reports Upload


SAFE allows users to upload the Acunetix report to SAFE.

Prerequisites

SAFE accepts report upload from Acunetix in JSON in the below-mentioned format:

{
      "Generated": "25/06/2020 11:04 AM",
      "Target": {
        "Duration": "",
        "Initiated": "",
        "ScanId": "",
        "Url": ""
       },
    "Vulnerabilities": [  
        // below object in a repetitive template  
      {
      "Certainty": ,
      "Classification": {},
      "Confirmed": false,
      "Description": "",
      "ExploitationSkills": "",
      "ExternalReferences": "",
      "ExtraInformation": [],
      "FirstSeenDate": "",
      "HttpRequest": {},
      "HttpResponse": {},
      "LookupId": "",
      "Impact": "",
      "KnownVulnerabilities": [],
      "LastSeenDate": "",
      "Name": "",
      "ProofOfConcept": "",
      "RemedialActions": "",
      "RemedialProcedure": "",
      "RemedyReferences": "",
      "Severity": "Critical",
      "State": "Present",
      "Type": "HighlyPossibleSqlInjection",
      "Url": ""
    },
    ]
}
Note
The URL should match with one of the URLs of the onboarded assets on SAFE.

Upload Acunetix Report

To upload an Acunetix report:

  1. Navigate to the Administration > SAFE Hooks > Assessment Tools > Acunetix
  2. Click the Upload Report button on the Acunetix card.
  3. Browse and upload the Acunetix report on the report upload pop-up screen.
  4. A green check mark will be displayed upon successful upload.

Acunetix 2

Notes
  • If the upload fails, it will be flagged with a red cross. You can delete the failed uploads by clicking on the delete icon.
  • SAFE only supports importing VA results from Acunetix via direct integration for assets in the following verticals:
    • Cloud - SaaS Applications
    • Mobile Applications
    • Network and Security Nodes
    • Server
    • Storage
    • Thick Client Applications
    • Web Applications

Verify Integration


  • Navigate to the asset for which you have uploaded the report, and now you can view the uploaded controls with their status and SAFE Score. 
  • All the newly discovered assets will be added under the Unconfirmed Assets on the Manage Assets page.

Was this article helpful?