This article describes some general basics for the web application scanning (WAS).
Starting point
The starting point should be an exact URL, like one of the following examples, including HTTP or HTTPS. The scanner will start here and follow all links found within the scope you have selected (see “Scan scope”). By doing this the scanner will scan your entire web application.
Starting point URL examples:
- http://www.yourbusiness.com
- https://www.yourbusiness.com
- http://www.yourbusiness.com/subfolder
- http://www.yourbusiness.com/subfolder/page.html
- https://www.yourbusiness.com:7443
- http://123.123.123.123
Scan scope
A single web application scan is limited to 8 000 pages or 24 hours of scanning time. A scan that is larger will be automatically stopped. Notice that you still will get a scan result for the pages that were scanned.
HTTP and HTTPS
If you have the same website under HTTP and HTTPS, you can choose either one of them.
Redirects
Our crawler doesn’t follow redirects between HTTP and HTTPS, example from http://www.yourbusiness.com to https://www.yourbusiness.com. If you have a redirect enter the redirect target as URL for scanning.
Exclude URLs and forms
Please read this information for URL and form exclusion:
http://support.holmsecurity.com/hc/en-us/articles/213915989
Excluded pages
The following file formats are ignored when scanning because of static content.
- DOC
- DOCX
- XLS
- XLSX
- PPT
- PPTX
- ZIP
- WOFF
0 Comments