Configure your Scan
Scanning is integral to evaluating the risk to your applications. Scans run attacks on the selected URLs in your app to identify weaknesses that could lead to vulnerabilities. Based on your needs, you can target various sections of your application for weaknesses by configuring scans. To best utilize your scan, you can configure the following scan settings.
What's a scan config?
A scan configuration, or scan config, is a group of settings you can use to scan an app. By creating scan configs, you can save specific settings configurations and use them to scan that app with those options again and again.
Use case: Multiple scan configurations
You want to scan your application web interface, which is updated regularly, on a weekly cadence and the associated API, which is updated less frequently, on a monthly basis. Create separate scan configs for the UI and the API and apply a different schedule cadence to each.
Create and Edit a Scan Config
- On the Apps page, click the application where the scan is stored.
- On the Scan Configs tab, do one of the following:
- Click Create New Scan Config.
- To edit an existing scan config, click the scan config.
- Configure the settings in each tab and sub-section as necessary.
- To reduce redundant vulnerability results, enable or disable incremental scanning. This type of scan ignores the elements of your site that have not changed since the last scan.
- If you need your scan to authenticate to the app, configure the authentication details.
- Create or manage attack modules and attack templates to use in the scan config.
- We recommend starting with the All Modules attack template for maximum coverage. Because this attack template runs almost all of the attack modules, the scan takes a significantly long time to complete. To reduce the scan time, All Modules does not include the Log4Shell attack. To scan for Log4shell, use the Out of Band Injection for Log4j attack.
- Set your scan scope.
- Configure custom options such as proxy, performance, and HTTP headers.
- Save the Scan Config.
- Click Save to save and close.
- Click Save and Scan to save and run the scan.
Copy a Scan Config
You can create a copy of an existing scan config and reuse the settings with minor modifications. You can copy a scan config to the same app that you’re working with already, or copy a scan config to another app altogether.
App access required
You can only copy a scan config to apps you have access to.
- On the Apps page, select the app you want to scan.
- On the Scan Configs tab, select the scan config you want to copy and click Copy scan config.
- (Optional) Add or edit the name and description of the scan config. The default name is the name of the original scan config with
(Copy)
at the end. - Click Location and select the target app that will receive the copied scan config. The current app is selected by default.
- Click Save Copy.
Delete a Scan Config
You may want to delete scan configs if the associated target has been removed or the web application settings have drastically changed.
Scan configs are permanently deleted
Deleting a scan config is permanent. You will not be able to reuse this scan config.
- Go to Apps and select the app with the obsolete scan config.
- On the app screen, select the Scan Configs tab.
- Select the row with the scan config you want to delete, then click Delete scan config.
- If you are sure you want to delete the scan config, in the warning, click Delete.