Active Attack Module
An active attack module attempts to alter your application by running attacks for well-known vulnerabilities (e.g. inserting SQL in forms).
Your applications can be attacked in a number of different ways, including botnets, spoofing, keyloggers, malware, and countless others.
You can define how AppSpider reacts to specific attacks.
Make sure you set up authentication credentials for your webapps in order to successfully scan them.
Macros are recordings of some action that cannot be otherwise automated, such as logging in on certain types of pages. You can store a macro in your scan configuration in order to perform these actions.
You can configure AppSpider to crawl your custom URLs when you set up a scan.
Dynamic Application Security Testing
DAST tools traditionally communicate with applications through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. Properly architected DAST tools first perform a “crawl” of the client interface to understand the application and then they conduct an “attack” or “audit” to find the vulnerabilities.
The header component of an HTTP request, which adds another layer of security to your webapps.
Passive Attack Module
A passive attack module attempts to gain information about your environment by examining your application (e.g. looking for passwords stored in clear text).
A proxy server acts as an intermediary between a client’s network and an end server, intercepting all requests in an attempt to fulfill them itself.
This panel allows you to enable advanced options for the scan configuration.
A scan configuration, or scan config, is a group of settings you can use to scan a particular web application. The scan configuration contains all the required details such as URL, credentials, and scan instructions for the application to be scanned. By creating a scan config, you can save a particular configuration of options, and use it to scan that application with those options again and again.
Your “sysadmin” is responsible for configuring computer networks and servers at your organization, among other tasks.
Use the AppSpider traffic viewer to see and track the amount of traffic on your webapp URLs.