Scan your App

Once you are familiar with InsightAppSec and understand the topology of your application, you can start targeting various sections of your application for vulnerabilities. We recommend you start with the "All modules" attack template, which covers all modules and provides maximum coverage. This will give you a broad understanding of the security posture of your app, and you can subsequently shape your scans using the various options available in the Scan Config wizard.

Start a Scan

To scan an app, go to the "All Apps" screen and click on the name of the app you would like to scan. On the App Overview page, click the Scan Now button on the upper right side of the screen, and select the scan config you wish to use. You will see a message about the scan starting successfully, with a link to the Scan Overview page.

Monitor active scans

The Scan Overview page is structured differently based on whether the scan is in progress or completed. If the scan is in progress, the page shows the "Scan Status" view which has two tabs:

  • Vulnerabilities per attack - This tab is useful for a live snapshot of the vulnerabilities being discovered on your app.
  • Event Log - The Event Log lists, in real time, the actions taken by the InsightAppSec console as part of the scan, and can help you detect authentication or access failures early in the scan. For example, imagine you have an app that takes a few hours to scan and is scheduled to be scanned after business hours. You can follow the scan log at the beginning of the scan to ensure that InsightAppSec can correctly access your app, so that the scan results will be useful to your team the next day.

Pause a Scan

To pause an ongoing scan, click the Pause Scan button on the upper right side of the Scan Overview page. InsightAppSec may take a couple of minutes to pause the scan.

When the scan is paused, the Scan Information panel displays the scan status as Paused. The Pause Scan button turns blue and is relabelled “Resume Scan”. At any point within the next 24 hours, you can click the Resume Scan button to continue the scan.

You can review all paused scans in the Scanning Activity screen or the “Interrupted Scans” dashboard card.

Note

A scan can be paused for a maximum of 24 hours. After that time the scan is stopped, and the results up to that point, including any discovered vulnerabilities, are retained. This restriction applies both to scans paused manually and to scans paused automatically because of a blackout.

Stop a Scan

To stop an ongoing scan, click the Stop Scan button on the upper right side of the Scan Overview page and select whether you would like to retain or discard the results of the stopped scan. InsightAppSec may take a couple of minutes to stop the scan.
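The same start, monitor, pause/resume and stop lifecycle can be driven from a script rather than the console. The following is an added example, not code from this article or from Rapid7; it assumes the InsightAppSec public API v1 paths (POST /ias/v1/scans, GET /ias/v1/scans/{id}, PUT /ias/v1/scans/{id}/action, GET /ias/v1/scans/{id}/engine-events), the X-Api-Key header, a Location header on the scan-creation reply, and an `event` text field on each event-log entry. Check the API reference for your region before relying on these details. The `FakeTransport` class is a constructed stand-in for the service so the flow runs offline; it also shows the early-warning check on the Event Log that the Monitor section recommends doing by eye for after-hours scans.

```python
import json
import time
import urllib.request
from datetime import timedelta

PAUSE_LIMIT = timedelta(hours=24)   # Note above: a paused scan is stopped after 24 hours


class InsightAppSecClient:
    """Minimal scan-lifecycle client. `transport` is injectable so the flow
    can be exercised offline (see FakeTransport below)."""

    def __init__(self, api_key, region="us", transport=None):
        # Assumed regional API host and v1 base path.
        self.base = f"https://{region}.api.insight.rapid7.com/ias/v1"
        self.headers = {"X-Api-Key": api_key, "Content-Type": "application/json"}
        self.transport = transport or self._http

    @staticmethod
    def _http(method, url, headers, body):
        req = urllib.request.Request(url, data=body, headers=headers, method=method)
        with urllib.request.urlopen(req) as resp:
            return resp.status, dict(resp.headers), resp.read()

    def _call(self, method, path, payload=None):
        body = json.dumps(payload).encode() if payload is not None else None
        status, hdrs, raw = self.transport(method, self.base + path, self.headers, body)
        if status >= 400:
            raise RuntimeError(f"{method} {path} -> HTTP {status}: {raw[:200]!r}")
        return status, hdrs, (json.loads(raw) if raw else None)

    def start_scan(self, scan_config_id):
        """'Scan Now' with a chosen scan config; returns the new scan id
        (assumes the 201 reply carries the scan URL in Location)."""
        _, hdrs, _ = self._call("POST", "/scans", {"scan_config": {"id": scan_config_id}})
        return hdrs["Location"].rstrip("/").rsplit("/", 1)[-1]

    def status(self, scan_id):
        return self._call("GET", f"/scans/{scan_id}")[2]["status"]

    def action(self, scan_id, action):
        """The Scan Overview buttons. Assumed mapping of the console's
        retain/discard choice: STOP keeps results, CANCEL discards them."""
        if action not in ("PAUSE", "RESUME", "STOP", "CANCEL"):
            raise ValueError(action)
        self._call("PUT", f"/scans/{scan_id}/action", {"action": action})

    def events(self, scan_id):
        return self._call("GET", f"/scans/{scan_id}/engine-events")[2]["data"]


AUTH_MARKERS = ("authentication failed", "login failed", "access denied")


def auth_failures(events):
    """Event-log entries that look like authentication or access failures."""
    return [e for e in events
            if any(m in str(e.get("event", "")).lower() for m in AUTH_MARKERS)]


def resume_deadline(paused_at):
    """Latest moment a scan paused at `paused_at` can still be resumed."""
    return paused_at + PAUSE_LIMIT


def run_and_watch(client, scan_config_id, poll=0.0, clock=time.sleep):
    """Start a scan; stop it (keeping results) as soon as the event log shows
    an auth failure, otherwise wait for a terminal status."""
    scan_id = client.start_scan(scan_config_id)
    while True:
        failures = auth_failures(client.events(scan_id))
        if failures:
            client.action(scan_id, "STOP")
            return scan_id, "STOPPED_AUTH_FAILURE", failures
        state = client.status(scan_id)
        if state in ("COMPLETE", "STOPPED", "CANCELED", "FAILED"):
            return scan_id, state, []
        clock(poll)


class FakeTransport:
    """Constructed stand-in for the API: the scan reports RUNNING and its
    event log shows an authentication failure on the second poll."""

    def __init__(self):
        self.polls = 0
        self.actions = []

    def __call__(self, method, url, headers, body):
        assert headers.get("X-Api-Key"), "X-Api-Key header missing"
        if method == "POST" and url.endswith("/scans"):
            return 201, {"Location": url + "/scan-0001"}, b""
        if url.endswith("/engine-events"):
            self.polls += 1
            log = [{"time": "2024-01-01T18:00:00Z", "event": "Crawling https://app.example/"}]
            if self.polls >= 2:
                log.append({"time": "2024-01-01T18:00:05Z",
                            "event": "Authentication failed for macro login"})
            return 200, {}, json.dumps({"data": log}).encode()
        if method == "PUT" and url.endswith("/action"):
            self.actions.append(json.loads(body)["action"])
            return 200, {}, b""
        if method == "GET":
            state = "STOPPED" if self.actions else "RUNNING"
            return 200, {}, json.dumps({"status": state}).encode()
        return 404, {}, b"not found"


if __name__ == "__main__":
    fake = FakeTransport()
    client = InsightAppSecClient("<api-key-placeholder>", transport=fake)
    print(run_and_watch(client, "<scan-config-id-placeholder>"))
```

Against a real tenant, drop the `transport` argument and pass your own API key and scan config id; a polling interval of a minute or so is plenty, since the console itself takes a couple of minutes to pause or stop a scan.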

View Scan Results

When the scan is completed, the Scan Overview page uses the Scan Results layout. The KPIs are displayed at the top, while the scan information and the Vulnerabilities table are displayed below.


Click on any vulnerability in the table to view attack details and remediation ideas. More guidance on analysing vulnerabilities is available in the Work with Vulnerabilities help article. You can also use this page to export vulnerabilities to JIRA and to generate reports.