Performing dynamic web scanning

ScanSuite supports both authenticated and non-authenticated web scanning modes with various scanners.

It is recommended to create separate products for different scan types, and possibly for different website groups as well, since this makes the results easier to examine later.

To run a web scan, open the Dynamic Scanning tab, enter a comma-separated list of URLs, and choose the scanners you want to invoke.

As usual, ensure the right Engagement ID number is set so the results are saved within the intended product folder, then click Submit:

ScanSuite supports the concept of distributed workers, each of which takes a scanning task and executes it. The number of workers can easily be extended as needed; see the Setup parameters and services in the Administration section for more information.

As depicted below in the History – Logs screenshot, several scans were started almost simultaneously, meaning 3 scanning workers are up and processing the tasks:

Once all targets are scanned by all chosen scanners, the scanning will be marked as Finished:

Note: Dirbusting / Gobuster results will not be exported to DefectDojo because of the nature of the scan. The best way to view the revealed paths is to check the scan logs, or to download the Report at the end of the scan and check the scan reports:
