Scan profiles

What web scan profiles are available?

The following ready-made scan profiles are available.

Web scan profile - Standard

This profile gives you a good balance between coverage, time consumption, and load in the target environment.

Web scan profile - Request smuggling

This profile is designed to identify vulnerabilities related to smuggled messages between the client and server, which can lead to queue-based smuggling or external SSRF attacks.

Web scan profile - GraphQL

This profile is specifically designed to uncover vulnerabilities in GraphQL, such as Denial of Service (DoS) conditions in a GraphQL API or unauthorized access to the GraphQL UI, which could lead to information disclosure or authentication bypass.

Web scan profile - Advanced Config

This profile is designed to scan for various vulnerabilities, such as directory traversal and External Service Interaction. Using this profile increases the scan time.

Web scan profile - Web Cache Poisoning

This profile is designed to detect Web Cache Poisoning vulnerabilities, such as Host header injection or Web Cache Poisoning (Fat GET). If these vulnerabilities are successfully exploited, they could facilitate various attacks, including cross-site scripting (XSS) or SQL injection (SQLi).

Web scan profile - Parameter Mining

This profile performs HTTP Parameter Discovery to uncover hidden parameters, which, if exploited successfully, could result in a range of cyber threats such as unauthorized access, data manipulation, cross-site scripting (XSS), open redirection, and other vulnerabilities that may be hidden within parameters.