Welcome to our community.

In this community, you can submit ideas, vote on existing ideas, or add comments.

To submit an idea, please click the Submit New Idea button at the top of the navigation sidebar. You will then be asked to add a title and choose a campaign for the new idea. You will also have the option to add tags to the idea. To vote on an idea, simply click the up or down arrows to the right of the idea title/description. And to add a comment, click in the box below the idea.

If you would like to see all ideas created with a specific tag, you can click on the word or phrase via the tagcloud in the navigation sidebar area under "What we're discussing". You can also view ideas sorted by Campaigns from the right navigation area. To return to this page, click the All Ideas link.

Browse Popular Ideas

Stop / Save partial results / Resume scan later functionality

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

The user should have the ability to stop a scan, save the "uncomplete" scan status and resume it at a later stage.

Being a consultant sometimes I trigger a scan when at a client, and when it takes long and need to leave their office, ideally I should be able to save the progress to resume the scan later instead of restarting it.

Submitted by

Feedback Score

55 votes

Enterprise edition of Acunetix

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

Create an enterprise edition of Acunetix with a centralized dashboard. Access to the dashboard would be through a URL with specific assigned priviledges. This would allow a large company to distribute scan results, keep track of work efforts and allow remote scanning. This would be a similar model to IBM Appscan Enterprise , HP WebInspect Amp, and Cenzics Arc. While Acunetix is a good product, it is limited in its ...more »

Submitted by

Feedback Score

25 votes

Web service scan - support for XSD:import

Stage: In Progress

Campaign: Acunetix Web Vulnerability Scanner

Acunetix does not work when trying to scan a web service that contains XSD:import in the WSDL file, which is a perfectly valid declaration in a WSDL file. The lack of support for this basically rules out using Acunetix to scan web services developed using standard Microsoft technologies since Microsoft .Net (WCF) splits up the web service contract in multiple files and import the definitions in the WSDL file using XSD:import ...more »

Submitted by

Feedback Score

24 votes

Acunetix Reporting

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

I have evaluated your Acunetix Web Scanner and found it to be an all-round great product except for the reporting side. It would be a great idea if one could have a consolidated report for all the scans instead of having to compile each individual reports into one high level report. It should have the functionality to select all scans and generate one single report or just a consolidated high level report . Think about ...more »

Submitted by

Feedback Score

20 votes

Schedule Scans

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

An enhanced scheduler which could be used to schedule scans on a regular basis. The current windows scanner is awful and cannot be used effectively. E.g you cannot schedule a scan on a sunday 2 am every month for 12 months..

(Intention here is that you scan a bunch of sites on a off-business hours, if some of them display a particular vulnerability, you then deep dive with manual/hands-on scans..)

Submitted by

Feedback Score

17 votes

Feature request - flash vulnerabilities

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

Hello

Our company uses for the security tests their tool Acunetix. We have currently a customer that uses the HP WebInspect tool for the security test. We have found that they can find with this tool more security issues than with Acunetix. The HP WebInspect tool that finds errors in the flashvars.

Can this feature (flash vulnerabilities) be integrated in the next Acunetix version?

Best regards,

S.David

Submitted by

Feedback Score

11 votes

Save scan results to database to load at a later time

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

Currently Acunetix does not save the full scan results to the database to where they can be reloaded at a future time. The only way to currently do this is to save the .wvs file and then load the results that way. My suggestion on this is to either have Acunetix automatically create a .wvs file for every scan performed (maybe to the users Acunetix data directory) or to save the full results to the database so they ...more »

Submitted by

Feedback Score

9 votes

Command line for Acusensor Injector

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

Since many people use automated build systems these days there is the need to be able to call the Acusensor Injector setup program via command line so a site can be injected and then scanned using the already existing Acunetix command line functionality. This was after a new build is compiled, a script could inject and then scan.

Submitted by

Feedback Score

7 votes

Hide multiple variations

Stage: Completed

Campaign: Acunetix Web Vulnerability Scanner

When Acunetix scans for vulnerabilities, it uses multiple variations to detect the vulnerabilities. If a vulnerability is found with multiple variations, it displays all of them. This causes Acunetix to find over hundreds of the same vulnerability. For some developers this can be useful. I however, would like to request an option to hide these variations and display only one of them. This makes it much more arranged ...more »

Submitted by

Feedback Score

7 votes

Program Users, Security, and Roles

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

Related to support for WIndows Authentication. Allow for the following, all in the Acunetix WVS: -To use Windows Authentication and LDAP/LDAPS to set logins to use the software -To track work based on the logins for an audit trail. -To have user roles or user groups within the WVS that can be used to allow or disallow users access to certain components. Most importantly for us, we would have a group that would allow ...more »

Submitted by

Feedback Score

6 votes

PCI-compliance scans: add a comment to false-positives

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

Hi, It would be great to be able to enter a comment to a false positive finding while marking it and move the marked-finding into an report-appendix instead of excluding the whole check (plugin) completely during the follow-up-scans. This would help to (1) understand, why a special finding was not included into the effective report and (2) explain it to an revisor on demand on a later date. Last not least, (3) if you ...more »

Submitted by

Feedback Score

6 votes

Web service scanner: Custom SOAP header

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

It would be great to have functionality to add custom SOAP header to SOAP envelope, e.g. security header. Original request: [?xml version="1.0" encoding="utf-8"?] [soap:Envelope] [soap:Header/] [soap:Body] ...SOAP body skipped... [/soap:Body] [/soap:Envelope] Modified request with a security header: [?xml version="1.0" encoding="utf-8"?] [soap:Envelope] [soap:Header] [wsse:Security] ...more »

Submitted by

Feedback Score

6 votes

Scanning progress/duration

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

Using Acunetix for more than 1000 websites per year the tool is meant to be running permanently. To use the scheduler most efficiently it would be good to be continuously informed about the progress (in %) and estimated duration of a particular scan. We know that the progress bar turns blue when scan is nearly finished but we would prefer to see how far each scan is at any time (e.g. in the WVS log file). Thanks for ...more »

Submitted by

Feedback Score

6 votes

Grouping of Scheduled scans

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

Unable to group scans - In version 7 it was possible to group a list of sites to be scanned under one job. This function is quite important for me and version 8 even when entering a list of sites will create separate entries in the scheduler for each one. This now doesn't get grouped in the DB for reporting they are all treated as separate jobs I can't edit the scan time for the group I have to delete and re-enter them ...more »

Submitted by

Feedback Score

6 votes

Stop a scan automaticaly after a period of time

Stage: Active

Campaign: Acunetix Web Vulnerability Scanner

It would be nice to be able to set a scan time limit from the GUI, CLI and web interface.

When something goes wrong in a automated scan, you don't want to let it go for ever.

I have made a script to kill wvs_console and his childs after a period of time but there is no way to stop the scan properly.

Submitted by

Feedback Score

5 votes

Displaying 1 - 25 of 160 Ideas