How do I create a web assessment profile?

Follow these steps to create a web application assessment profile.

  1. Log in to your Security Center.
  2. In the main navigation bar, hover over Assessments.
  3. From the dropdown menu, select Profiles.
  4. Select Web in the dropdown menu.
  5. Click + Add scan profile.
  6. Under the headline General settings, enter the following:
    • Name: The name of the profile, e.g., Standard profile.
    • Owner: The owner of the scan.
    • Details: Any information you want to add that could be relevant to the scan profile.
  7. Under the headline Crawl settings, enter the following:
    • Form method

      This refers to the various methods the assessment uses to evaluate the functionality and security of forms in a web application.
    • User agent

      The user agent that will be used during the assessment.
    • Maximum crawl requests

      The maximum number of crawl requests the scan will perform during the assessment. The system allows a maximum of 8,000 requests. 
    • Scan intensity

      Four settings determine the number of requests per minute.
      • Low: 10 requests per second
      • Medium: 30 requests per second
      • High: 50 requests per second
      • Custom: a custom value
    • Requests per second 

      Total requests per second. The recommended number is 30 per second.
  8. Under the headline Vulnerabilities, enter the following:
    • Default Vulnerability Categories

      These categories include most of the tests needed to identify vulnerabilities in a web application.
    • Enable advanced path traversal XSS

      Include path traversal testing. Learn more about path traversal XSS here:

       https://support.holmsecurity.com/knowledge/path-traversal-vulnerability

    • Include

      To scan for specific vulnerabilities, you can search and choose the category name, vulnerability name, or HID you are interested in. This allows you to customize your web application assessment and focus on specific areas of concern.
    • Exclude

      To exclude specific vulnerabilities in your assessment, add them to the exclusion form. You can exclude single HIDs or full categories.
    • Stability

      Some tests are skipped by default to increase the stability and performance of the scanned web applications.

    • Skip Password brute forcing

      Disables brute-force attempts against authentication forms.
  9. Under the headline Sensitive content, enter the following:
    • Credit card numbers

      Parse strings to identify possible credit card numbers.

    • Custom content 

      Allows you to type specific search criteria that the assessment will try to detect. If this setting is turned off, no personal data will be processed.
  10. Click OK.

You have now created a web assessment profile.