Objective: Identify Risks
Scans run attacks on the selected URLs in your app to identify weaknesses that could lead to vulnerabilities. The specific attack types, URLs, and many other options are set in the scan configs. After starting scans, you can monitor and manage active scans.
Run a scan
- To scan an app, go to the Apps page and click on the name of the app you would like to scan.
- On the App Overview page, click the Scan Now button on the upper right side of the screen, and select the scan config you wish to use.
- You can monitor the progress of the scan by clicking the link to the Scan Overview page.
Monitor active scans
The Scan Overview page is structured differently based on whether the scan is in progress or completed.
When the scan is in progress, you can view the following:
- Vulnerabilities per attack - This tab is useful for a live snapshot of the vulnerabilities being discovered on your app.
- Event Log - The Event log lists in real time, the actions taken by the InsightAppSec console as part of the scan, and can help you detect authentication or access failures early in the scan.
Manage active scans
- While the scan is running, view the Scan Status.
- To pause the scan, click Pause Scan. You can review all paused scans in the Scanning Activity screen or the Interrupted Scans dashboard card.
- To resume a paused scan, click Resume Scan.
- To stop the scan, click Stop Scan and select whether to save or discard scan results.
Scan pause limit
A scan can be paused for a maximum of 24 hours. After that time the scan is stopped, and the results up to that point, including any discovered vulnerabilities, will be retained. This restriction applies both to scans paused manually as well as scans getting paused due to a blackout.
Success! You ran your first scan
When the scan completes, view and sort the discovered vulnerabilities to prioritize fixes on the Scan Overview page. You can now share results with stakeholders.