
What are the settings in a web assessment profile?

A profile defines how a web application assessment is performed, including crawl behavior, scan intensity, vulnerability coverage, and handling of sensitive content. The settings allow you to customize assessments to balance performance, coverage, and stability.

General Information

  • Name: The name of the profile.

  • Owner: The user responsible for the profile.

  • Details: A description field that can be used to explain the purpose of the profile.

Crawl Settings

  • Form method: Determines how forms discovered during the crawl are handled when the assessment evaluates their functionality and security.

  • User agent: The user agent string used during the assessment.

  • Maximum crawl requests: The maximum number of crawl requests the assessment will perform; the system allows up to 8,000. When the limit is reached the crawl ends, so pages the crawler has not reached by then are not assessed.

Scan Intensity

Scan intensity determines the number of requests per second during the assessment:

  • Low: 10 requests per second

  • Medium: 30 requests per second

  • High: 50 requests per second

  • Custom: Specify a custom request rate

Requests per second: The request rate used when Custom is selected. The recommended value is 30 requests per second; a lower rate reduces load on the target but lengthens the assessment.
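The two settings above interact: the request rate sets how fast the crawler may go, and the maximum crawl requests sets when it must stop, so 8,000 requests at 10 requests per second cannot finish in less than 800 seconds, and a small budget on a large site leaves part of it unvisited. The following added example (not the product's own code) shows that interaction with a token-bucket pacer and a request budget over a constructed link graph; the site map, the RatePacer class and the crawl function are all assumptions made for illustration.

```python
import collections
import time

# Constructed link graph standing in for a target web application (not a real site).
SITE = {
    "/": ["/login", "/about", "/products"],
    "/login": ["/", "/reset"],
    "/about": ["/", "/team"],
    "/products": ["/products?page=2", "/products/1"],
    "/products?page=2": ["/products/2", "/products/3"],
    "/products/1": ["/"], "/products/2": ["/"], "/products/3": ["/"],
    "/reset": ["/login"], "/team": ["/about"],
}


class RatePacer:
    """Simple pacer: never lets more than `rps` requests start per second.
    `clock` and `sleep` are injectable so pacing can be checked without real waiting."""

    def __init__(self, rps, clock=time.monotonic, sleep=time.sleep):
        self.interval = 1.0 / rps
        self.clock, self.sleep = clock, sleep
        self.next_allowed = clock()

    def wait(self):
        now = self.clock()
        if now < self.next_allowed:
            self.sleep(self.next_allowed - now)  # hold the next request until its slot
            now = self.next_allowed
        self.next_allowed = now + self.interval


def minimum_duration_s(max_requests, rps):
    """Lower bound on how long a full crawl budget takes at a given rate."""
    return max_requests / rps


def crawl(site, max_requests, rps, clock=time.monotonic, sleep=time.sleep):
    """Breadth-first crawl that stops at the request budget and paces itself at `rps`.
    Returns the pages visited, the time spent, and whether the budget cut the crawl short."""
    pacer = RatePacer(rps, clock, sleep)
    start = clock()
    queue, seen, visited = collections.deque(["/"]), {"/"}, []
    while queue and len(visited) < max_requests:
        url = queue.popleft()
        pacer.wait()
        links = site.get(url, [])  # stands in for an HTTP request and link extraction
        visited.append(url)
        for link in links:
            if link not in seen:
                seen.add(link)
                queue.append(link)
    return {
        "requests": len(visited),
        "visited": visited,
        "elapsed_s": clock() - start,
        "truncated": bool(queue),  # pages were still waiting when the budget ran out
    }


class FakeClock:
    """Virtual clock so the example runs instantly while still measuring pacing."""

    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def sleep(self, seconds):
        self.t += seconds


if __name__ == "__main__":
    clk = FakeClock()
    print(crawl(SITE, max_requests=5, rps=10, clock=clk.now, sleep=clk.sleep))
    print("8,000 requests at 10 rps need at least", minimum_duration_s(8000, 10), "s")
```

With a budget of 5 the crawl stops with pages still queued (truncated is True), which is exactly the coverage loss a too-small maximum produces on a real application.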

Vulnerabilities

Vulnerability selection allows you to include or exclude specific vulnerabilities in the assessment.

  • Default vulnerability categories: Includes most of the tests needed to identify vulnerabilities in a web application.

  • Enable advanced path traversal XSS: Includes tests for path traversal vulnerabilities. Learn more here: Path Traversal Vulnerability.

  • Include: Search and select vulnerabilities by category, name, or HID to focus the assessment on specific areas.

  • Exclude: Exclude single HIDs or entire vulnerability categories from the assessment.

Stability

Some tests are skipped by default to improve the stability and performance of the web application assessment.

  • Skip password brute forcing: Disables attempts to brute force authentication forms. Keeping this enabled avoids account lockouts and a burst of failed-login noise on the target, at the cost of not detecting weak or default credentials.

Sensitive Content

Sensitive content testing searches for personal or confidential data, such as credit card or Social Security numbers.

  • Custom content: Allows you to define your own search criteria so the assessment also looks for data specific to your organization, in addition to the built-in checks.
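To make concrete what a sensitive content check does with a response body, here is an added example (not the product's own detection logic) that scans constructed page bodies for credit card numbers, Social Security numbers, and one custom pattern. The card check validates candidates with the Luhn checksum so that arbitrary 16-digit numbers such as badge IDs are not reported, and every finding is redacted before it leaves the scanner so the report does not itself become a copy of the data. The response bodies, the ACME-KEY pattern and the function names are assumptions made for illustration.

```python
import re

# Constructed response bodies standing in for pages found during the crawl.
RESPONSES = {
    "/orders/42": "Receipt: card 4111 1111 1111 1111 charged 19.90 EUR",
    "/staff": "Employee 1: SSN 219-09-9999; badge number 1234 5678 9012 3456",
    "/status": "build 2024.11.03 ok; token ACME-KEY-7f3a9c rotated",
}

# Constructed custom search criterion: an internal API key format (assumption).
CUSTOM_PATTERNS = {"internal_api_key": r"\bACME-KEY-[0-9a-f]{6}\b"}

# 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# SSN format with the structurally invalid area/group/serial values excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: True for a well-formed card number, False for random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(value):
    """Keep only the last four characters so findings can be triaged without copying the data."""
    return "..." + value[-4:]


def scan(responses, custom_patterns=None):
    """Return (url, finding_type, redacted_value) for each sensitive item found."""
    findings = []
    for url, body in responses.items():
        for m in CARD_RE.finditer(body):
            digits = re.sub(r"\D", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                findings.append((url, "credit_card", redact(digits)))
        for m in SSN_RE.finditer(body):
            findings.append((url, "ssn", redact(m.group())))
        for name, pattern in (custom_patterns or {}).items():
            for m in re.finditer(pattern, body):
                findings.append((url, name, redact(m.group())))
    return findings


if __name__ == "__main__":
    for finding in scan(RESPONSES, CUSTOM_PATTERNS):
        print(finding)
```

The badge number on /staff has the shape of a card number but fails the Luhn check, so it is not reported; the card on /orders/42, the SSN on /staff and the custom key on /status are.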