Web App Scanning

ScanSuite supports both authenticated and unauthenticated web scanning modes using a variety of integrated scanners.

Best Practices

  • We recommend creating separate products for different scan types, or even grouping websites by category. This organization helps simplify result analysis and reporting later on.

Running a Web Scan

To initiate a web scan:

  1. Navigate to the Dynamic Scanning tab.

  2. Enter the URLs you wish to scan as a comma- or newline-separated list.

  3. Select the scanners you wish to use.

  4. Ensure the correct Product / Eng ID is entered. This ensures that scan results are stored in the appropriate product folder.

  5. For authenticated scans, add the authentication cookies, headers, or both.

  6. Click Submit to start the scan.
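The URL field accepts a comma- or newline-separated list, and the product ID and any authentication cookies or headers travel with the job. The helper below is an added example, not ScanSuite's own code: it parses such a list the way a reviewer would want it cleaned before submission (trimmed, de-duplicated, fragments dropped, anything that is not http/https reported rather than silently sent), and assembles a job record whose field names are assumptions, not ScanSuite's API.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample input, as it might be pasted into the Dynamic Scanning URL field.
SAMPLE_INPUT = """https://app.example.com/login, https://app.example.com/login
http://api.example.com:8080/v1/
 ftp://files.example.com
https://App.Example.com/login#fragment
"""


def parse_target_list(text):
    """Split comma- or newline-separated input into (accepted, rejected).

    Accepted URLs are normalised (lower-case scheme and host, fragment dropped,
    empty path made '/') and de-duplicated in input order. Entries without an
    http/https scheme and a host are returned as rejected so the operator sees
    them instead of the scanner quietly skipping or mis-handling them.
    """
    accepted, rejected, seen = [], [], set()
    for raw in text.replace(",", "\n").splitlines():
        item = raw.strip()
        if not item:
            continue
        parts = urlsplit(item)
        if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
            rejected.append(item)
            continue
        norm = urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                           parts.path or "/", parts.query, ""))
        if norm not in seen:
            seen.add(norm)
            accepted.append(norm)
    return accepted, rejected


def build_scan_job(text, product_id, scanners, cookies=None, headers=None):
    """Assemble a scan job record. Field names are hypothetical (not ScanSuite's)."""
    accepted, rejected = parse_target_list(text)
    if rejected:
        raise ValueError("unsupported targets: " + ", ".join(rejected))
    if not accepted:
        raise ValueError("no scan targets supplied")
    return {
        "product_id": product_id,
        "targets": accepted,
        "scanners": list(scanners),
        "cookies": dict(cookies or {}),   # e.g. session cookie for authenticated mode
        "headers": dict(headers or {}),   # e.g. Authorization header
    }
```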

ScanSuite uses distributed scanning workers to handle tasks efficiently. Each worker processes one scan job at a time, enabling parallel execution of multiple scans.

  • You can easily scale the number of workers as needed.

  • For configuration details, refer to the Administration > Setup Parameters and Services section.

Results from Hidden Paths and Secrets scans are not exported to DefectDojo because of the nature of the data these scans collect.

To review the discovered paths and the secrets found in JS and HTML, download the report from the Scan History tab after the scan completes and review the included findings.
