Scan your App

Scans run attacks against the selected URLs in your app to identify weaknesses that could lead to vulnerabilities. The attack types, target URLs, authentication and many other options are set in the scan config you choose when starting the scan. Once a scan is started, you can monitor it, pause, resume or stop it, review its results, and delete failed scans.

Start a scan

To scan an app, go to the All Apps page and click the name of the app you want to scan. On the App Overview page, click the Scan Now button at the upper right of the screen and select the scan config to use. A message confirms that the scan started successfully and links to its Scan Overview page.

Monitor active scans

The Scan Overview page is structured differently based on whether the scan is in progress or completed. When the scan is in progress, the page shows the Scan Status which has two tabs:

  • Vulnerabilities per attack - A live snapshot of the vulnerabilities being discovered on your app, grouped by the attack module that found them.
  • Event Log - Lists, in real time, the actions taken by the InsightAppSec console as part of the scan. Check it early in the scan: authentication or access failures (for example, a login macro that no longer works) show up here long before the scan finishes, and a scan that cannot authenticate will silently miss everything behind the login.

Manage active scans

  1. While the scan is running, view the Scan Status.
  2. To pause the scan, click Pause Scan. Note: You can review all paused scans in the Scanning Activity screen or the “Interrupted Scans” dashboard card.
  3. To resume a paused scan, click Resume Scan.
  4. To stop the scan, click Stop Scan and choose whether to save or discard the results collected so far.

Pause limit

A scan can be paused for a maximum of 24 hours in the US region and 4 hours in the EU region. When that limit is reached the scan is stopped automatically, and the results gathered up to that point, including any discovered vulnerabilities, are retained. The limit applies both to scans paused manually and to scans paused automatically by a blackout window, so a scan paused shortly before a long blackout may be stopped rather than resumed when the blackout ends.

When the scan completes, view the discovered weakness results on the Scan Overview page.

View scan results

When the scan is completed, the Scan Overview page displays KPIs and scan results. You can export the scan results to JIRA, generate reports, and view detailed information about each result. Click any finding to view the attack details (the request sent and the response that triggered the finding) and remediation guidance.


For more information on analysing results, see Work with Vulnerabilities.

View and delete scans

If you have many scans, it helps to filter them by status and to delete failed scans from the Scanning Activity page.

  1. On the navigation menu, click Scans.
  2. On the Scanning Activity page, click the status to view scans only in that status.
  3. To delete failed scans, in the Failed list, select the scans you want to delete and click the Delete icon.
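The same lifecycle (start a scan from a scan config, watch its status, pause, resume or stop it, keep a paused scan inside the regional pause limit, and clean up failed scans) can be scripted instead of clicked through. The following is an added example and not Rapid7's code or a sample from this page. It assumes the public InsightAppSec v1 REST API (the `X-Api-Key` header, the `/ias/v1/scans` and `/ias/v1/scans/{id}/action` endpoints, a `Location` header on scan creation, `index`/`size` paging with `metadata.total_pages`) and the status strings `PENDING`, `RUNNING`, `PAUSED`, `COMPLETE`, `FAILED`, `STOPPED`; verify all of these against your tenant's API documentation before relying on them. The transport is injectable so the logic can be exercised offline against canned responses.

```python
"""Script the InsightAppSec scan lifecycle: start, poll, pause/resume/stop,
keep a pause inside the regional limit, and delete failed scans.

Added example, not Rapid7's code. Endpoint paths, header names, paging
fields and status strings are assumptions based on the public v1 API.
"""
import json
import time
import urllib.request
from datetime import datetime, timedelta, timezone

# Regional pause limits stated on the page: 24 h (US), 4 h (EU).
PAUSE_LIMIT = {"us": timedelta(hours=24), "eu": timedelta(hours=4)}
# Assumed status names; a scan stopped by the pause limit ends up STOPPED, not FAILED.
TERMINAL = {"COMPLETE", "FAILED", "STOPPED", "CANCELED"}


def http_transport(api_key, region):
    """Transport for a real tenant (assumed hostname/header; not used offline)."""
    base = f"https://{region}.api.insight.rapid7.com/ias/v1"

    def send(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(
            base + path, data=data, method=method,
            headers={"X-Api-Key": api_key, "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else {}), resp.headers
    return send


class ScanClient:
    """Thin client; `transport(method, path, body) -> (status, json, headers)`."""

    def __init__(self, transport):
        self.send = transport

    def start(self, scan_config_id):
        """POST a scan for a scan config and return the new scan id."""
        status, _, headers = self.send(
            "POST", "/scans", {"scan_config": {"id": scan_config_id}})
        location = headers.get("Location", "") if status == 201 else ""
        if not location:
            raise RuntimeError(f"scan not started: HTTP {status}")
        return location.rstrip("/").rsplit("/", 1)[-1]

    def status(self, scan_id):
        _, body, _ = self.send("GET", f"/scans/{scan_id}")
        return body["status"]

    def action(self, scan_id, action):
        """Apply PAUSE, RESUME or STOP (the Pause/Resume/Stop Scan buttons)."""
        status, _, _ = self.send("PUT", f"/scans/{scan_id}/action", {"action": action})
        return status == 200

    def wait(self, scan_id, poll=30, timeout=4 * 3600, sleep=time.sleep):
        """Poll until the scan reaches a terminal status; return that status."""
        deadline = time.monotonic() + timeout
        while True:
            current = self.status(scan_id)
            if current in TERMINAL:
                return current
            if time.monotonic() > deadline:
                raise TimeoutError(f"scan {scan_id} still {current} after {timeout}s")
            sleep(poll)

    def delete_failed(self, size=100):
        """Delete every scan in FAILED status (Scanning Activity > Failed > Delete)."""
        deleted, index, pages = [], 0, 1
        while index < pages:
            _, page, _ = self.send("GET", f"/scans?index={index}&size={size}")
            pages = page.get("metadata", {}).get("total_pages", 1)
            for scan in page.get("data", []):
                if scan.get("status") == "FAILED":
                    self.send("DELETE", f"/scans/{scan['id']}")
                    deleted.append(scan["id"])
            index += 1
        return deleted


def pause_deadline(paused_at, region):
    """Time at which a scan paused at `paused_at` is stopped by the regional limit."""
    return paused_at + PAUSE_LIMIT[region.lower()]


def must_resume_by(paused_at, region, now, margin=timedelta(minutes=15)):
    """True when the pause limit is within `margin`: resume now or lose the pause."""
    return now >= pause_deadline(paused_at, region) - margin


if __name__ == "__main__":  # real run; keys and ids are placeholders
    client = ScanClient(http_transport("YOUR_API_KEY", "us"))
    scan_id = client.start("YOUR_SCAN_CONFIG_ID")
    print(scan_id, client.wait(scan_id))
```

`must_resume_by` is the check worth automating: a blackout window or an on-call handover that outlasts the regional limit turns a pause into a stop, and the scan then has to be re-run from the beginning rather than resumed.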