All integrations
DAST

Acunetix integration

Acunetix results can be uploaded as XML or JSON exports (on-premise or Acunetix 360/Cloud formats), and Centraleyezer can also drive the scanner directly: it creates targets and launches scans over the Acunetix API using the scan profile you pick, then imports the results when the scan completes.

Scan types imported

  • Web application DAST (SQLi, XSS, SSRF, auth bypass, 7,000+ checks)
  • Scheduled scans driven by Centraleyezer

File import

XMLJSONXML (Acunetix Cloud)

Three templates: the classic Acunetix XML report, the JSON export, and the Acunetix Cloud/360 XML export.

What Centraleyezer expects in the file

  • XML per ReportItem: name, description, remediation, CWE, raw request/response, affected item and severity (high/medium/low/info), attached to the crawler start URL.
  • Cloud XML per vulnerability: severity, CWE, OWASP category, remedial actions and HTTP request/response content.
  • JSON: vulnerability name, description, recommendation and numeric severity (0–3) per target URL.
  • Web assets are matched by the scan’s start/target URL.

API connection

Add Acunetix as a scanner with its API key. When a project scan is triggered, Centraleyezer creates a target and launches a scan per web asset using the configured scan profile (Full Scan, High Risk, XSS, SQL Injection, Crawl Only and more), then imports the findings on completion.

Configuration

Hostname / Port
The Acunetix instance address.
API Key
The Acunetix API key, sent as the X-Auth header.
Scan profile
Which Acunetix scanning profile to launch (13 profiles supported, from Full Scan to targeted checks).

Where to get the credentials

Generate the API key in Acunetix under your profile (Administrator → Profile → API Key).

What gets imported on every run

  • All vulnerabilities of the completed scan with description, remediation, CWE and severity.
  • HTTP request/response evidence per finding.

How imported findings are risk-scored

Every Acunetix finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the Acunetix integration live

Book a demo and we’ll connect your Acunetix data and walk through risk-based prioritisation on your own findings.

Acunetix Integration — Setup & Imported Scan Types