Connect Application Data

CRC Advanced Only

This functionality is only included in the CRC Advanced offering.

InsightAppSec is an application security tool that you can configure to attack different aspects of your application to identify response behaviors that make your applications vulnerable to attackers. The attacks are run during scans, which you can customize and schedule based on your needs. After the scan completes, you can view vulnerabilities by app or scan and details about each vulnerability. You can export the results or have them display as a dashboard card for easier visibility into the health of your application security.

What's an app in InsightAppSec?

An app is a section of your site that you want to scan for vulnerabilities and manage as one entity. You can include multiple targets in an app, and those targets apply across all scan configurations. Apps group your targets together, which in turn allows you to tune scans consistently for all targets in a single grouping, collect results in one place, and track improvements over time. To scan a web application, you must create an app and add the targets of your application to it.

Add an app

Scanning subdomains

If you wish to scan multiple subdomains of a website, such as mail.mysite.com and blog.mysite.com, use wildcards such as *.mysite.com.

  1. From the left menu, go to Targets and verify that the domain you wish to scan is in the Target Domains list and enabled.
  2. Open the Add App Wizard by clicking the Add App button on the Apps page.
  3. On the Details screen, provide a name and optionally a description for this app.
  4. On the Target URLs step, use the + button to add individual URLs.
  5. From the Users step, you can assign users to a particular app.

Allowlist IP addresses

During an InsightAppSec scan, your web application may experience a high volume of incoming network traffic. Some firewalls may block attack traffic and prevent InsightAppSec from testing your application for vulnerabilities. In such cases, you must allowlist the IP addresses of the InsightAppSec cloud engines so that they can scan your web applications.