Scan profiles

How do I create a web application scan profile?

Follow these instructions to create a web application scan profile.

  1. Log in to Security Center.
  2. Click Scan profiles.
  3. Click +Create scan profile.
  4. Under the headline General Settings, enter the following:
    • Name: the name of the profile, e.g., Standard scan profile.
    • Owner: the owner of the scan.
    • Details: Any information you want to add that could be relevant to the scan profile.
  5. Under the headline Crawl settings, enter the following:
    • Form method
      Selects how the scan engine submits and evaluates forms on the web application, both to check their functionality and to test their security.
    • User agent
      The user agent string the scanner sends while the scan is running.
    • Maximum crawl requests
      The maximum number of crawl requests the scan will perform. The system allows at most 8,000 requests in total.
    • Scan intensity
      Four settings determine the request rate:
      • Low: 10 requests per second
      • Medium: 30 requests per second
      • High: 50 requests per second
      • Custom: a custom value
    • Requests per second
      Total requests per second. The recommended value is 30 per second.
  6. Under the headline Vulnerabilities, enter the following:
    • Default Vulnerability Categories
      These categories include most of the tests needed to identify vulnerabilities in a web application.
    • Enable advanced path traversal XSS
      Include path traversal testing; read more about path traversal XSS here: https://support.holmsecurity.com/knowledge/path-traversal-vulnerability
    • Include
      To scan for specific vulnerabilities, you can search and choose the category name, vulnerability name, or HID you are interested in. This allows you to customize your web application scan and focus on specific areas of concern.
    • Exclude
      To exclude specific vulnerabilities in your scan, add them to the exclusion form. You can exclude single HIDs or full categories.
    • Stability
      Some tests are skipped by default to increase the stability and performance of the scanned web applications.
      • Skip Password brute forcing
        Disables attempts to brute force authentication forms.
  7. Under the headline Sensitive content, enter the following:
    • Credit card numbers
      Parses strings to identify possible combinations of credit card numbers.
    • Custom content
      Lets you type specific search criteria the scanner will try to detect. If this setting is turned off, no personal data will be processed.
  8. Click OK.
  9. Done!
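The Sensitive content settings above describe what the scanner looks for in application responses, but not how such a check works. The following is an added example, not Holm Security's own code, of how a response scanner can flag credit card numbers and user-supplied custom content while honouring the "turned off means no processing" rule. It assumes the detection approach (digit-run regex plus a Luhn checksum) and the setting names (`credit_card_numbers`, `custom_content`); the sample responses are constructed for the example, not taken from any real scan. Card numbers are masked before they reach the findings list so the report itself does not leak the data it found.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample response bodies keyed by request path (not real scan data).
SAMPLE_RESPONSES = {
    "/checkout/confirm": "Thanks! We charged card 4111 1111 1111 1111 ending in 1111.",
    "/about": "Order reference 1234-5678-9012-3456 is not a card; contact us for details.",
    "/internal/debug": "DEBUG: api_key=sk_test_ABCDEF123456 exposed in response",
}

# Candidate: 13 to 19 digits, optionally separated by spaces or dashes,
# not embedded in a longer digit run.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


@dataclass
class SensitiveContentSettings:
    """Hypothetical model of the 'Sensitive content' section of a scan profile."""
    credit_card_numbers: bool = True
    custom_content: list[str] = field(default_factory=list)  # regex patterns


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str
    evidence: str  # masked for card numbers, verbatim match for custom content


def luhn_valid(digits: str) -> bool:
    """Luhn checksum (assumed here as the validity test for card candidates)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return digit strings that look like card numbers and pass the Luhn check."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask(digits: str) -> str:
    """Keep only the last four digits so findings do not reproduce the card number."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_responses(responses: dict[str, str], settings: SensitiveContentSettings) -> list[Finding]:
    """Scan each response body according to the profile's sensitive content settings."""
    findings: list[Finding] = []
    # Both detectors off: return before touching any response content at all.
    if not settings.credit_card_numbers and not settings.custom_content:
        return findings
    custom_patterns = [re.compile(p) for p in settings.custom_content]
    for path, body in responses.items():
        if settings.credit_card_numbers:
            for digits in find_card_numbers(body):
                findings.append(Finding(path, "credit-card-number", mask(digits)))
        for pat in custom_patterns:
            for m in pat.finditer(body):
                findings.append(Finding(path, f"custom-content:{pat.pattern}", m.group(0)))
    return findings


if __name__ == "__main__":
    profile = SensitiveContentSettings(credit_card_numbers=True, custom_content=[r"api_key=\S+"])
    for f in scan_responses(SAMPLE_RESPONSES, profile):
        print(f"{f.path}: {f.kind} -> {f.evidence}")
```

The Luhn check is what separates the real card number on `/checkout/confirm` from the order reference on `/about`, which has the right length but fails the checksum; this is why a length-only regex produces noisy findings. Custom content patterns are applied as written, so a loose pattern will match broadly and should be tested against known responses before being added to a profile.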