What web scan profiles are available?
Import a scan profile
To import the web scan profiles below, follow these steps:
- Log in to Security Center.
- In the main navigation bar, hover over Assessments.
- From the dropdown menu that appears, select Profiles.
- Select Web & API.
- Click Import and select the profiles you wish to import.
- Click Import selected.
- Done!
Overview of ready-made web assessment profiles
| Profile name | Description |
| --- | --- |
| Web scan - Standard | Gives a good balance between coverage, time consumption and load on the target environment. |
| Web scan - Request smuggling | Identifies HTTP request smuggling vulnerabilities, where the front-end and back-end servers disagree on where one request ends and the next begins, so that part of one client's request is interpreted as the start of another. Successful exploitation can lead to queue-based smuggling (poisoning the next user's request) or to server-side request forgery (SSRF) against external services. |
| Web scan - GraphQL | Specifically designed to uncover vulnerabilities in GraphQL APIs, such as denial of service (DoS) conditions in a GraphQL API or unauthorized access to the GraphQL UI, which can lead to information disclosure or authentication bypass. |
| Web scan - Advanced config | Scans for a broader set of vulnerabilities, such as directory traversal and external service interactions. Note that the external service interaction checks increase the assessment time. |
| Web scan - Web cache poisoning | Detects web cache poisoning vulnerabilities, such as Host header injection or poisoning via a Fat GET request (a GET whose body is honoured by the origin but is not part of the cache key). Because a poisoned cache entry is served to other users, these issues can be used to facilitate further attacks, including cross-site scripting (XSS) or SQL injection (SQLi). |
| Web scan - Parameter mining | Discovers hidden or undocumented HTTP parameters (parameters the application honours but does not advertise). Such parameters can expose unauthorized access, data manipulation, cross-site scripting, open redirection and other vulnerabilities hidden behind them. |
| Web scan - Cloud Misconfigurations | Cloud storage services such as AWS S3, Azure Blob Storage and Google Cloud Storage are often misconfigured, leaving sensitive data exposed to the internet. This profile automates the detection of such exposures using both active and passive checks. |
| Web scan - SOAP | SOAP (Simple Object Access Protocol) web services are widely used in enterprise environments, and improper configuration or weak implementations can expose critical vulnerabilities. This profile targets SOAP-based vulnerabilities and can be used as the basis for tailored assessment profiles, so that SOAP web applications and APIs get the same coverage as the rest of your estate. |
| Web scan - Out-of-Band (OOB) Vulnerability | Out-of-band vulnerabilities are issues where the interaction or data transfer happens outside the direct client-server channel (for example, the target is induced to make a DNS or HTTP request to a system controlled by the scanner). This profile performs a comprehensive evaluation that includes, but is not limited to, vulnerabilities that rely on OOB interactions. |
| Web scan - Optimised Profile - Fast | Runs the assessment without the tests that are least efficient in terms of speed and findings. It is expected to find 96% of vulnerabilities in 80% of the default assessment runtime. |
| Web scan - Optimised Profile - Essentials | Runs only the tests that are highly efficient in terms of speed and findings. It is expected to find 60% of vulnerabilities in 5% of the default assessment runtime. |
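The "Parameter mining" profile above discovers parameters the application honours but never advertises. The following Python script is an added example (not code from Security Center or its scanner) of how such discovery is done efficiently: candidate names are sent in batches, and only batches that change the response are split and re-tested. The target is a mock endpoint constructed here (it reacts to the hypothetical parameters `debug` and `admin` and ignores everything else); the canary value and wordlist are likewise made up.

```python
"""Hidden-parameter discovery by batching and bisection.

Added example, not code from the scanner described on the page. The target is
a mock endpoint constructed here: it honours two undocumented query parameters
('debug' is reflected into the HTML, 'admin' flips the status to 403) and
ignores every other parameter. All names and values are hypothetical.
"""
from typing import Callable, Dict, List, Tuple

Params = Dict[str, str]
Response = Dict[str, object]


def mock_app(params: Params) -> Response:
    """Constructed stand-in for a real endpoint (hypothetical behaviour)."""
    if "admin" in params:
        return {"status": 403, "body": "Forbidden"}
    body = "<html><body>Welcome to the shop"
    if "debug" in params:
        body += f"<!-- debug={params['debug']} -->"  # reflected, unescaped
    return {"status": 200, "body": body + "</body></html>"}


def signature(resp: Response) -> Tuple[int, int]:
    """Cheap fingerprint of a response: status code and body length."""
    return (int(resp["status"]), len(str(resp["body"])))


class ParamMiner:
    """Finds parameters whose mere presence changes the response.

    Instead of one request per candidate name, a whole batch is sent at once;
    only batches that alter the response are split and re-tested, so the
    number of requests grows with the number of hits, not the wordlist size.
    """

    def __init__(self, send: Callable[[Params], Response], canary: str = "pm7x9q") -> None:
        self.send = send
        self.canary = canary  # unlikely string, so a reflection is unambiguous
        self.requests = 0
        self.baseline = self._request({})[0]

    def _request(self, params: Params) -> Tuple[Tuple[int, int], bool]:
        self.requests += 1
        resp = self.send(params)
        return signature(resp), self.canary in str(resp["body"])

    def _affects(self, names: List[str]) -> bool:
        sig, reflected = self._request({n: self.canary for n in names})
        return sig != self.baseline or reflected

    def _bisect(self, names: List[str], found: List[str]) -> None:
        if not self._affects(names):
            return
        if len(names) == 1:
            found.append(names[0])
            return
        mid = len(names) // 2
        self._bisect(names[:mid], found)
        self._bisect(names[mid:], found)

    def mine(self, wordlist: List[str], batch: int = 64) -> List[str]:
        found: List[str] = []
        for i in range(0, len(wordlist), batch):
            self._bisect(wordlist[i:i + batch], found)
        return sorted(found)


# Constructed wordlist; real scanners use thousands of names.
WORDLIST = [
    "id", "page", "q", "admin", "lang", "sort", "user", "token", "format", "cb",
    "redirect", "next", "view", "file", "path", "name", "email", "order", "type", "key",
    "callback", "ref", "source", "mode", "test", "preview", "draft", "role", "limit", "offset",
    "debug", "trace", "env", "version", "api", "action", "cmd", "template", "theme", "locale",
]


def run_demo() -> Tuple[List[str], int]:
    """Returns the discovered parameters and the number of requests spent."""
    miner = ParamMiner(mock_app)
    found = miner.mine(WORDLIST)
    return found, miner.requests


if __name__ == "__main__":
    params, n = run_demo()
    print(f"found {params} in {n} requests for {len(WORDLIST)} candidates")
```

Two caveats a practitioner will hit on real targets: a page that echoes the whole query string will differ from the baseline for every batch, so scanners also send batches of random junk names to calibrate what "no effect" looks like; and parameters that only matter with a specific value (as opposed to mere presence) need value-aware probes, which this presence-only miner does not attempt.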
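The "Web cache poisoning" profile above looks for inputs that change a cacheable response without being part of the cache key, such as a forwarded-host header or the body of a Fat GET. The following Python simulation is an added example (not the scanner's code) of how such a probe is structured and why a cache buster is essential: the origin, the cache, the hostnames and the `callback` parameter are all constructed for the demonstration.

```python
"""Probing a shared cache for unkeyed inputs (Host-style header and Fat GET).

Added example, not the scanner's code. The origin and cache below are
constructed simulations: the cache keys responses on method, path and query
only, while the origin builds an absolute script URL from X-Forwarded-Host
and reads a 'callback' parameter from the request body even on GET. Every
hostname and parameter name here is hypothetical.
"""
import itertools
from typing import Callable, Dict, Optional, Sequence, Tuple
from urllib.parse import parse_qs

Headers = Dict[str, str]
Response = Dict[str, object]
Origin = Callable[[str, str, str, Headers, str], Response]


def vulnerable_origin(method: str, path: str, query: str, headers: Headers, body: str) -> Response:
    """Constructed origin: two unkeyed inputs influence a cacheable response."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "shop.example")
    callback = parse_qs(body).get("callback", ["render"])[0]  # body honoured even for GET
    html = (f'<script src="https://{host}/static/app.js"></script>\n'
            f"<script>{callback}({{}})</script>")
    return {"status": 200, "body": html, "cache_control": "public, max-age=60"}


class SimpleCache:
    """Caches GET responses. `keyed_headers` lists request headers that form part of
    the key; with the default (none) the cache is vulnerable, because
    X-Forwarded-Host changes the response but not the key."""

    def __init__(self, origin: Origin, keyed_headers: Sequence[str] = ()) -> None:
        self.origin = origin
        self.keyed_headers = tuple(keyed_headers)
        self.store: Dict[Tuple, Response] = {}

    def fetch(self, method: str, path: str, query: str = "",
              headers: Optional[Headers] = None, body: str = "") -> Response:
        headers = headers or {}
        key = (method, path, query) + tuple(headers.get(h, "") for h in self.keyed_headers)
        if key in self.store:
            return dict(self.store[key], x_cache="HIT")
        resp = self.origin(method, path, query, headers, body)
        if method == "GET" and "public" in str(resp["cache_control"]):
            self.store[key] = resp  # the request body is never part of the key
        return dict(resp, x_cache="MISS")


_buster = itertools.count(1)


def _cache_buster() -> str:
    """A unique query string, so a probe only ever poisons an entry nobody else requests."""
    return f"cb={next(_buster)}"


def probe_unkeyed_header(cache: SimpleCache, path: str, header: str,
                         value: str = "attacker.example") -> bool:
    """True if `header` is reflected AND a later plain request is served the reflected value."""
    query = _cache_buster()
    first = cache.fetch("GET", path, query, {header: value})
    if value not in str(first["body"]):
        return False  # not reflected, nothing to poison
    victim = cache.fetch("GET", path, query)  # same URL, no injected header
    return victim["x_cache"] == "HIT" and value in str(victim["body"])


def probe_fat_get(cache: SimpleCache, path: str, param: str = "callback",
                  value: str = "poisoned") -> bool:
    """True if a GET body parameter reaches the origin and is then served from cache."""
    query = _cache_buster()
    first = cache.fetch("GET", path, query, body=f"{param}={value}")
    if value not in str(first["body"]):
        return False
    victim = cache.fetch("GET", path, query)
    return victim["x_cache"] == "HIT" and value in str(victim["body"])


def run_demo() -> Dict[str, bool]:
    """Runs each probe against the unkeyed cache and against one that keys on X-Forwarded-Host."""
    vulnerable = SimpleCache(vulnerable_origin)
    hardened = SimpleCache(vulnerable_origin, keyed_headers=("X-Forwarded-Host",))
    return {
        "xfh_unkeyed": probe_unkeyed_header(vulnerable, "/", "X-Forwarded-Host"),
        "unrelated_header": probe_unkeyed_header(vulnerable, "/", "X-Unrelated"),
        "fat_get": probe_fat_get(vulnerable, "/"),
        "xfh_keyed": probe_unkeyed_header(hardened, "/", "X-Forwarded-Host"),
        "fat_get_keyed_cache": probe_fat_get(hardened, "/"),
    }


if __name__ == "__main__":
    for name, hit in run_demo().items():
        print(f"{name}: {'POISONABLE' if hit else 'ok'}")
```

Note what the last two results show: adding `X-Forwarded-Host` to the cache key closes the header vector but does nothing for the Fat GET, because a request body is never part of a cache key. That one has to be fixed at the origin (ignore bodies on GET) or by refusing to cache responses to GET requests that carry a body.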