What is the general basics for the web app crawler and scanner?

This article describes some general basics for the web application scanning (WAS).

Starting point

The starting point should be an exact URL, like one of the following examples, including HTTP or HTTPS. The scanner will start here and follow all links found within the scope you have selected (see “Scan scope”). By doing this the scanner will scan your entire web application.

Starting point URL examples:

  • http://www.yourbusiness.com
  • https://www.yourbusiness.com
  • http://www.yourbusiness.com/subfolder
  • http://www.yourbusiness.com/subfolder/page.html
  • https://www.yourbusiness.com:7443

Scan scope

A single web application scan is limited to 8 000 pages or 24 hours of scanning time. A scan that is larger will be automatically stopped. Notice that you still will get a scan result for the pages that were scanned.


If you have the same website under HTTP and HTTPS, you can choose either one of them.


Our crawler doesn’t follow redirects between HTTP and HTTPS, example from http://www.yourbusiness.com to https://www.yourbusiness.com. If you have a redirect enter the redirect target as URL for scanning.

Exclude URLs and forms

Please read this information for URL and form exclusion:

Excluded pages

The following file formats are ignored when scanning because of static content.

  • DOC
  • DOCX
  • XLS
  • XLSX
  • PPT
  • PPTX
  • PDF
  • ZIP
  • WOFF


Have more questions? Submit a request


Please sign in to leave a comment.