Scan your App

Scans run attacks on the selected URLs in your app to identify weaknesses that could lead to vulnerabilities. The specific attack types, URLs, and many other options are set in the scan configs.

InsightAppSec provides two scan types:

  • Full scans - Full scans are the most common scan type and are defined by, and triggered from, a scan config.
  • Incremental scans - Incremental scans are enabled in the scan config and designed to attack new and updated links since the selected scan ran.

Use Case: Intermittently reduce the number of scan results
You are responsible for evaluating scan findings and you frequently see and have to re-evaluate the same vulnerability results. You know that there haven't been and won't soon be any big updates to elements of that app, which means you'll see many of the same findings after each scan.

To reduce the number of scan results, you enable Incremental scanning for that scan config. While Incremental scanning is enabled, each scan compares the crawl map from the previous scan and only attacks, and therefore provides results for, new and updated code. Your list of vulnerabilities to evaluate is shorter, which saves you time and energy.

When you hear that there was a large update to the app, you want to do a full scan to ensure you're finding as many vulnerabilities as possible. Disable Incremental scanning so that the next time the scan runs, it will crawl and attack all URLs listed in the scan config.

If you re-enable Incremental scanning, it will run against the crawl map from the full scan.

Scan your app

You can start a scan in two ways:

Using Scan Now:
    1. On the All Apps page, click the application you want to scan.
    2. On the App Overview page, click Scan Now and select the scan you want to start.

Using a scan config:
    1. From the App Overview page, click the Scan Configs tab.
    2. Select the scan config that defines your required scan parameters.
    3. On the scan config detail page, click Save and Scan.

Full Scan

Full scans are the most common scan type and are defined by, and triggered from, a scan config. Full scans are designed to crawl all URLs listed in the scan config and provide in-depth results that are relevant to your needs.

Use Case: Scanning apps before integration
Your company recently acquired a new company with a large number of apps. Before integrating the new apps into your platform, you need to test for potential vulnerabilities. Because the apps haven't been scanned before and you are unfamiliar with the acquired product, you want an in-depth scan of every aspect of the app. Run a full scan and evaluate the results to determine the risk of integrating.

Incremental Scan

To reduce the list of previously discovered vulnerabilities, you can scan the new or updated increments of your app. Incremental scans reference the crawl map of the previous scan to identify and attack only new and updated code.

If you enable Incremental scanning for a scan config that has not yet run, the first scan will crawl the entire app like a full scan. The next time the scan runs, only the code that's new or updated based on the first crawl map will be attacked.

Limitations and best practices

Although incremental scans are useful for reducing the number of repeat findings, they are not as comprehensive as full scans and should not be used exclusively. Some changes to websites may not be seen as a significant change, such as database updates, and therefore will not be scanned. Run periodic full scans to ensure you are finding as many vulnerabilities as possible.
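The following is an added illustration of the crawl-map comparison described in the Incremental Scan section and of the blind spot noted above; it is a constructed model, not InsightAppSec's implementation. A crawl map is assumed to be {url: fingerprint}, where the fingerprint covers only the surface the crawler can see (form actions and parameter names), so a change that leaves that surface identical, such as a database update behind the same form, is skipped by the incremental scan and only covered by a full scan.

```python
"""Toy model of how an incremental scan picks its attack targets.

Constructed illustration (not the product's implementation): a crawl map is
modelled as {url: fingerprint}, where the fingerprint covers only what the
crawler can observe. An incremental scan attacks URLs that are new or whose
fingerprint changed; a full scan attacks every URL regardless of history.
"""
import hashlib
import re


def fingerprint(html: str) -> str:
    """Hash of the attackable surface of a crawled page: form actions and input names."""
    actions = re.findall(r'action=["\']?([^\s"\'>]+)', html)
    params = re.findall(r'name=["\']?([^\s"\'>]+)', html)
    surface = "|".join(sorted(actions) + sorted(params))
    return hashlib.sha256(surface.encode()).hexdigest()[:16]


def incremental_targets(previous: dict, current: dict) -> dict:
    """Split the current crawl map into new, updated and skipped URLs."""
    result = {"new": [], "updated": [], "skipped": []}
    for url in sorted(current):
        if url not in previous:
            result["new"].append(url)
        elif current[url] != previous[url]:
            result["updated"].append(url)
        else:
            result["skipped"].append(url)
    return result


def full_targets(current: dict) -> list:
    """A full scan ignores history and attacks every URL in the crawl map."""
    return sorted(current)


# Constructed crawl maps from two consecutive scans of a small app.
PREVIOUS_MAP = {
    "/login": fingerprint('<form action="/login"><input name="user"><input name="pass">'),
    "/search": fingerprint('<form action="/search"><input name="q">'),
    "/profile": fingerprint('<form action="/profile"><input name="bio">'),
}
CURRENT_MAP = {
    # unchanged page: skipped by the incremental scan
    "/login": fingerprint('<form action="/login"><input name="user"><input name="pass">'),
    # a new parameter was added: attacked as "updated"
    "/search": fingerprint('<form action="/search"><input name="q"><input name="sort">'),
    # only page copy changed; the form is identical, so the page is skipped
    "/profile": fingerprint('<p>Updated copy</p><form action="/profile"><input name="bio">'),
    # brand-new page: attacked as "new"
    "/export": fingerprint('<form action="/export"><input name="format">'),
}
```

Running `incremental_targets(PREVIOUS_MAP, CURRENT_MAP)` shows /profile in the skipped list even though the page changed, which is why periodic full scans remain necessary.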

Use Case: Evaluating weekly scan results
You are responsible for evaluating findings from the weekly scan and you frequently see and have to re-evaluate the same vulnerability results. To reduce the number of scan results, you enable Incremental scanning for that scan config. Incremental scans compare the crawl map from the previous scan and only attack, and provide results for, new and updated code.

To ensure you're finding as many vulnerabilities as possible, you run a full scan monthly. On the first day of the month, you disable Incremental scanning so that the next time the scan runs, it will crawl and attack all URLs listed in the scan config. After the full scan completes, you re-enable Incremental scanning to reduce redundant vulnerabilities.

Enable Incremental Scanning

You can enable Incremental scanning on new or existing scan configs. If you enable the option for a scan that has not yet run, the first Incremental scan will run a full scan. The next time the scan runs, only the code that's new or updated based on the first crawl map will be attacked.

  1. On the All Apps page, select your app.
  2. On the Scan Configs tab, select the scan you want to run.
  3. On the General tab, enable the option using the Incremental Scan toggle.

Disable Incremental Scanning

As a best practice, you should regularly disable Incremental scanning to ensure all vulnerabilities are found by a full scan.

  1. On the All Apps page, select your app.
  2. On the Scan Configs tab, select the scan you want to run.
  3. On the General tab, disable the option using the Incremental Scan toggle.

Monitor Active Scans

The Scan Overview page is structured differently based on whether the scan is in progress or completed. When the scan is in progress, the page shows the Scan Status which has two tabs:

  • Vulnerabilities per attack - This tab is useful for a live snapshot of the vulnerabilities being discovered on your app.
  • Event Log - The Event Log lists, in real time, the actions taken by the InsightAppSec console as part of the scan, and can help you detect authentication or access failures early in the scan.

Manage active scans

  1. While the scan is running, view the Scan Status.
  2. To pause the scan, click Pause Scan. Note: You can review all paused scans in the Scanning Activity screen or the “Interrupted Scans” dashboard card.
  3. To resume a paused scan, click Resume Scan.
  4. To stop the scan, click Stop Scan and select whether to save or discard scan results.

Pause limit

A scan can be paused for a maximum of 24 hours in the US and 4 hours in the EU. After that time the scan is stopped, and the results up to that point, including any discovered vulnerabilities, are retained. This restriction applies both to scans paused manually and to scans paused automatically because of a blackout.

When the scan completes, view the discovered weakness results on the Scan Overview page.

View Scan Results

When the scan is completed, the Scan Overview page displays KPIs and scan results. You can export the scan results to JIRA and generate reports, as well as view detailed information about each result. Click on any finding to view attack details and remediation ideas.

For more information on analyzing results, see Work with Vulnerabilities.

View and delete scans

If you have a lot of scans, you may find it helpful to view scans by status, as well as delete failed scans from the Scanning Activity page.

  1. On the navigation menu, click Scans.
  2. On the Scanning Activity page, click the status to view scans only in that status.
  3. To delete failed scans, in the Failed list, select the scans you want to delete and click the Delete icon.