This article explains the basics of the scan profile settings for web application scanning (WAS).
Enter the name for the scan profile.
The owner of the policy.
The user agent that crawls the specific website.
Maximum crawl requests
The maximum number of crawl requests the scan will perform during the test. The total number of requests that the system will allow is 8.000.
There are four different types of settings that determine the number of requests per minute.
- Low: 10 requests per second
- Medium: 30 requests per second
- High: 50 requests per second
- Custom: a custom value
Requests per second
Total requests per second: The recommended number of requests is 30 per minute.
This feature allows you to decide which vulnerabilities to include in or exclude from your WAS scan. You can choose between Complete or Custom.
To exclude certain vulnerabilities from your scan, select Complete and search for the category name, vulnerability name or HID.
If you would rather scan for specific vulnerabilities, select Custom and search for the category name, vulnerability name or HID.
Sensitive content consists of specific tests that search for information such as credit card numbers and social security or personal identification numbers.
Custom content allows you to type in specific search criteria that the scanner will try to detect.
The comment section allows you to type in custom content for yourself or your team members. This is useful when creating scan profiles that contain exclusions or other settings.