Scan profiles

What web scan profiles are available?

The following ready-made scan profiles are available.

Web scan profile - Standard

This profile gives you a good balance between coverage, time consumption, and load in the target environment.

Web scan profile - Request smuggling

This profile is designed to identify HTTP request smuggling vulnerabilities, where the client and server disagree on message boundaries. Such flaws can lead to queue-based smuggling or server-side request forgery (SSRF) against external targets.

Web scan profile - GraphQL

This profile is specifically designed to uncover vulnerabilities in GraphQL, such as Denial of Service (DoS) conditions in a GraphQL API or unauthorized access to the GraphQL UI, which could lead to information disclosure or authentication bypass.

Web scan profile - Advanced Config

This profile is designed to scan for various vulnerabilities, such as directory traversal and External Service Interaction. (Note that it increases the scan time.)
</gre_replace>
<gr_replace lines="25" cat="clarify" orig="This profile is designed to detect">
This profile is designed to detect Web Cache Poisoning vulnerabilities, such as Host header injection or Web Cache Poisoning via Fat GET requests. If these vulnerabilities are successfully exploited, they could facilitate various attacks, including cross-site scripting (XSS) or SQL injection (SQLi).

Web scan profile - Web Cache Poisoning

This profile is designed to detect Web Cache Poisoning vulnerabilities, such as Host header injection or Web Cache Poisoning (Fat Get). If these vulnerabilities are successfully exploited, they could facilitate various attacks, including cross-site scripting (XSS) or SQL injection (SQLi).

Web scan profile - Parameter Mining

This profile is designed to discover hidden HTTP parameters. If such parameters are exploited successfully, the result could be a range of threats such as unauthorized access, data manipulation, Cross-Site Scripting, Open Redirection, and other vulnerabilities that may be hidden within parameters.

Cloud Misconfigurations Scan Profile

Cloud storage services like AWS S3, Azure Blob, and Google Cloud Storage are often misconfigured, leaving sensitive resources exposed to the Internet. This profile is designed to automate the detection of these exposures using active and passive checks.

Web scan profile - SOAP

SOAP (Simple Object Access Protocol) web services are widely used in enterprise environments. However, improper configurations and weak implementations can expose critical security vulnerabilities. This profile allows you to create tailored scan profiles targeting SOAP-based vulnerabilities, ensuring comprehensive security coverage for your web applications and APIs.

Web scan profile - Out-of-Band (OOB)

Out-of-Band (OOB) vulnerabilities refer to security issues where interactions or data are transferred outside the direct communication channel. This profile performs a comprehensive security evaluation by scanning for various vulnerabilities, including but not limited to those involving OOB interactions.

Web Scan - Optimised Profile - Fast

Scans without the scan tests that are the least efficient in terms of speed and vulnerabilities found. This profile is expected to find 96% of vulnerabilities in 80% of the default scan runtime.

Web Scan - Optimised Profile - Essentials

Scans using only the scan tests that are highly efficient in terms of speed and vulnerabilities found. This profile is expected to find 60% of vulnerabilities in 5% of the default scan runtime.