How do I make sure I scan all relevant web applications?

If you ask hackers, they will focus mostly on other web apps then your main website. It’s most likely that they will have more vulnerabilities.

Tip 1: Have Google list your web apps

We recommend that you use Google Search to find additional web applications. Go to (external website) and search as follows. This will present a search result where all sub domains with web applications are listed, but the "www" sub domain will be excluded. Go through the list to find additional web applications. -www

Example: -www

Tip 2: try different TLDs

Do the same as above and test your domain with different TLDs like .info, .net and .org.