This article explains the basics of the scan profile settings for web application scanning (WAS).
General Information
Name
Enter the name for the scan profile.
Owner
The owner of the policy.
Scan Settings
Crawl settings
User agent
The user agent that crawls the specific website.
Maximum crawl requests
The maximum number of crawl requests the scan will perform during the test. The total number of requests that the system will allow is 8.000.
Performance
Scan intensity
There are four different settings that determine the number of requests per minute.
- Low: 10 requests per second
- Medium: 30 requests per second
- High: 50 requests per second
- Custom: a custom value
Requests per second
Total requests per second: The recommended number of requests is 30 per minute.
Vulnerability detection
This feature allows you to decide which vulnerabilities to include in or exclude from your WAS scan. You can choose between Complete or Custom.
Exclude
To exclude certain vulnerabilities from your scan, select Complete and search for the category name, vulnerability name or HID.
Custom
If you would rather scan for specific vulnerabilities, select Custom and search for the category name, vulnerability name or HID.
Sensitive content
Sensitive content consists of specific tests that search for information such as credit card numbers and social security or personal identification numbers.
Custom content allows you to type in specific search criteria that the scanner will try to detect.
Comments
Comment
The comment section allows you to type in custom content for yourself or your team members. This is useful when creating scan profiles that contain exclusions or other settings.