What is the general basics for the web app crawler and scanner?

This article describes some general basics for the web application scanning (WAS).

Starting point

The starting point should be an exact URL, like one of the following examples, including HTTP or HTTPS. The scanner will start here and follow all links found within the scope you have selected (see “Scan scope”). By doing this the scanner will scan your entire web application.

Starting point URL examples:

  • http://www.yourbusiness.com
  • https://www.yourbusiness.com
  • http://www.yourbusiness.com/subfolder
  • http://www.yourbusiness.com/subfolder/page.html
  • https://www.yourbusiness.com:7443
  • http://123.123.123.123

Scan scope

A single web application scan is limited to 8 000 pages or 24 hours of scanning time. A scan that is larger will be automatically stopped. Notice that you still will get a scan result for the pages that were scanned.

HTTP and HTTPS

If you have the same website under HTTP and HTTPS, you can choose either one of them.

Redirects

Our crawler doesn’t follow redirects between HTTP and HTTPS, example from http://www.yourbusiness.com to https://www.yourbusiness.com. If you have a redirect enter the redirect target as URL for scanning.

Exclude URLs and forms

Please read this information for URL and form exclusion:
http://support.holmsecurity.com/hc/en-us/articles/213915989

Excluded pages

The following file formats are ignored when scanning because of static content.

  • DOC
  • DOCX
  • XLS
  • XLSX
  • PPT
  • PPTX
  • PDF
  • ZIP
  • WOFF

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.