Scan your web application

Now that you have created a scan config, you are ready to scan your web application. There are three ways to scan your web application in AppSpider Pro:

Regular Scan

This is the default scan type, in which AppSpider crawls your application, makes an inventory of all the web pages, and performs attacks on them based on the preferences in your scan configuration. To start a "Regular Scan", you must select a scan configuration from the Main Window and click the Run button from the scan configuration toolbar. You can also right-click the name of the scan configuration and click Run from the pop-up menu. If it is your first time scanning with a particular scan configuration, Regular Scan will be the only scan type available to you.

Incremental Scan

Scanning an entire web application can take a long time and a large amount of network and computing resources. If the web application does not undergo frequent changes, it would be preferable to scan the entire app once and then just monitor any web pages that have changed. An "Incremental Scan" can help you achieve this. To run an Incremental Scan, you must select a scan configuration that has already been used for scanning. Click the + button to the left of the name of the scan configuration to expand the list of previous scans. Select the last successful scan and click the Start Incremental Scan button in the scan configuration toolbar. You can also right-click the last successful scan details and select the Start Incremental Scan option from the pop-up menu.

Validation Scan

Sometimes you may suspect that certain vulnerability findings are inaccurate or were caused by temporary network issues. You can validate these findings using a "Validation Scan". To run a Validation Scan, you must select a scan configuration that has already been used for scanning. Click the + button to the left of the name of the scan configuration to expand the list of previous scans. Select the last successful scan and click the Start Validation Scan button in the scan configuration toolbar. You can also right-click the last successful scan details and select the Start Validation Scan option from the pop-up menu. When you attempt to validate an existing scan, it will open the Scan Status window and load the findings from the scan. In the left-hand panel, you can select any vulnerability from the list of Findings and click the Start Scan button in the toolbar. This will kick off a validation scan and replay the attack traffic for that finding. Validation Scans can be useful if your developers have fixed a subset of vulnerabilities found in previous scans, and you want to ensure that the vulnerabilities no longer exist.