Scan profiles

What are advanced vulnerability plugins?

These plugins focus on checking for specific web vulnerabilities. Due to their specialized nature, they are not part of the default scan configuration and must be added explicitly to the scan profile. These plugins are designed for particular vulnerabilities and are intended for users who want to perform a more detailed and specific security assessment of their web applications. It's important to note that they are more time-consuming due to the in-depth analysis methods selected.

Here is the list of Advanced Vulnerability Plugins:
  • HID-3-0-10184  Web Cache Poisoning (Fat Get)
  • HID-3-0-10172  HTTP Parameter Discovery
  • HID-3-0-10158  Unvalidated Host-Header in Connection State
  • HID-3-0-10156  Virtual Host Brute Forcing Using Host Header Injection
  • HID-3-0-10148  Request URL override
  • HID-3-1-00017  File Inclusion vulnerability
  • HID-3-1-10017  Persistent server side include vulnerability
  • HID-3-0-10185  Web Cache Poisoning (Path Based)
  • HID-3-0-10183  Web Cache Poisoning (Header Based)

Add additional tests to your scan profile.
To include specific vulnerability tests in your scan profile, see this article's information under Vulnerability Selection.