Acunetix
Introduction
Acunetix 360 is a web vulnerability assessment solution for the enterprise. This integration allows SAFE to pull the vulnerability assessment results of the configured web applications at pre-configured time intervals (1 to 30 days). Users can also trigger an on-demand pull of the web applications' scan results from SAFE.
Users can configure Acunetix 360 from SAFE Hooks > Assessment Tools using the API URL, User ID, Token, and Auto-Sync Frequency.
Acunetix API Integration
Prerequisites
To configure Acunetix, you need the following details:
- API URL: The instance URL the user uses to log in to Acunetix.
- Acunetix User ID: The user ID used should have administration credentials.
- Acunetix Token: The token generated should be from the administration credentials.
- SSL Certificate:
  - In the case of a CA-signed SSL certificate, select the Verify SSL Certificate check box.
  - In the case of a self-signed SSL certificate, provide the Acunetix Certificate Fingerprint (SHA-256).
Configure Acunetix
To configure Acunetix:
- Navigate to Administration > Assessment Tools > Acunetix.
- Click the Configure button available on the Acunetix card.
- Enter the Acunetix API URL, User ID, Token, and Auto-Sync Frequency.
- Verify the SSL Certificate or enter the Acunetix Server Certificate Fingerprint (if a self-signed certificate is used).
- Click the Test Connection button.
- Once the connection is verified, click Save Configuration.
- Enable the Acunetix toggle switch.
Once the configuration is saved, users can click the Get Data button to discover the assets and import their VA assessment results. Once discovery is completed, the system displays the count of newly discovered assets. All the newly discovered assets will be added under the Unconfirmed Assets in the Manage Assets page. These assets should be confirmed as Web application assets, and in the subsequent data pull, the VA scan results are mapped against them.
SAFE uses the IP address of the assets as matching criteria to import vulnerabilities.
Acunetix Reports Upload
SAFE allows users to upload an Acunetix report.
Prerequisites
SAFE accepts Acunetix report uploads as JSON in the following format:
{
  "Generated": "25/06/2020 11:04 AM",
  "Target": {
    "Duration": "",
    "Initiated": "",
    "ScanId": "",
    "Url": ""
  },
  "Vulnerabilities": [
    // below object in a repetitive template
    {
      "Certainty": ,
      "Classification": {},
      "Confirmed": false,
      "Description": "",
      "ExploitationSkills": "",
      "ExternalReferences": "",
      "ExtraInformation": [],
      "FirstSeenDate": "",
      "HttpRequest": {},
      "HttpResponse": {},
      "LookupId": "",
      "Impact": "",
      "KnownVulnerabilities": [],
      "LastSeenDate": "",
      "Name": "",
      "ProofOfConcept": "",
      "RemedialActions": "",
      "RemedialProcedure": "",
      "RemedyReferences": "",
      "Severity": "Critical",
      "State": "Present",
      "Type": "HighlyPossibleSqlInjection",
      "Url": ""
    },
  ]
}
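A pre-upload check for the report layout above, written as an added example (it is not SAFE or Acunetix code). It parses with a strict JSON parser, so the template exactly as printed (with its `//` comment and empty `Certainty` value) would not pass. Treating every template field as required and inferring the `Generated` timestamp layout from the sample value are assumptions; `missing_keys`, `check_report` and `constructed_sample` are hypothetical names.

```python
import json
from datetime import datetime

# Field names copied from the template on this page; treating every one as
# required, and the timestamp layout below, are assumptions of this example.
TARGET_KEYS = {"Duration", "Initiated", "ScanId", "Url"}
VULN_KEYS = set("""
    Certainty Classification Confirmed Description ExploitationSkills
    ExternalReferences ExtraInformation FirstSeenDate HttpRequest HttpResponse
    LookupId Impact KnownVulnerabilities LastSeenDate Name ProofOfConcept
    RemedialActions RemedialProcedure RemedyReferences Severity State Type Url
""".split())
GENERATED_FORMAT = "%d/%m/%Y %I:%M %p"  # matches "25/06/2020 11:04 AM"


def missing_keys(obj, keys, path):
    """List the template keys absent from one JSON object."""
    if not isinstance(obj, dict):
        return [f"{path}: missing or not an object"]
    return [f"{path}.{k}: missing" for k in sorted(keys - set(obj))]


def check_report(text):
    """Return a list of problems; an empty list means the layout matches."""
    try:
        report = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(report, dict):
        return ["top level is not a JSON object"]
    problems = missing_keys(report.get("Target"), TARGET_KEYS, "Target")
    try:
        datetime.strptime(str(report.get("Generated")), GENERATED_FORMAT)
    except ValueError:
        problems.append("Generated: missing or not like '25/06/2020 11:04 AM'")
    vulns = report.get("Vulnerabilities")
    if not isinstance(vulns, list):
        return problems + ["Vulnerabilities: missing or not an array"]
    for i, vuln in enumerate(vulns):
        problems += missing_keys(vuln, VULN_KEYS, f"Vulnerabilities[{i}]")
    return problems


def constructed_sample():
    """Constructed report (not real scan output) carrying every template field."""
    vuln = dict.fromkeys(VULN_KEYS, "")
    vuln.update(Confirmed=False, Severity="Critical", State="Present")
    return {"Generated": "25/06/2020 11:04 AM",
            "Target": dict.fromkeys(TARGET_KEYS, ""), "Vulnerabilities": [vuln]}
```

Run `check_report` on the exported file's text before uploading; each returned string names the field that deviates from the template.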
Upload Acunetix Report
To upload an Acunetix report:
- Navigate to Administration > SAFE Hooks > Assessment Tools > Acunetix.
- Click the Upload Report button on the Acunetix card.
- Browse and upload the Acunetix report on the report upload pop-up screen.
- A green check mark will be displayed upon successful upload.
- If the upload fails, it will be flagged with a red cross. You can delete the failed uploads by clicking on the delete icon.
- SAFE only supports importing VA results from Acunetix via direct integration for assets in the following verticals:
  - Cloud - SaaS Applications
  - Mobile Applications
  - Network and Security Nodes
  - Server
  - Storage
  - Thick Client Applications
  - Web Applications
Verify Integration
- Navigate to the asset for which you uploaded the report. You can now view the uploaded controls with their status and SAFE Score.
- All the newly discovered assets will be added under the Unconfirmed Assets on the Manage Assets page.