ScanSuite

Web App Scanning


Last updated 16 days ago

ScanSuite supports both authenticated and unauthenticated web scanning modes using a variety of integrated scanners.

Best Practices

  • We recommend creating separate products for different scan types, or even grouping websites by category. This organization helps simplify result analysis and reporting later on.

Running a Web Scan

To initiate a web scan:

  1. Navigate to the Dynamic Scanning tab.

  2. Enter the URLs you wish to scan as a comma- or newline-separated list.

  3. Select the scanners you wish to use.

  4. Ensure the correct Product / Eng ID is entered, so that the scan results are stored under the intended product.

  5. Click Submit to start the scan.

ScanSuite uses distributed scanning workers to handle tasks efficiently. Each worker processes one scan job at a time, enabling parallel execution of multiple scans.

  • You can easily scale the number of workers as needed.

  • For configuration details, refer to the Administration > Setup Parameters and Services section.

In the History – Logs view (screenshot below), several scans appear in a running state at the same time, which shows that more than one scanning worker is active and processing jobs concurrently.

Once every target has been scanned by every selected scanner, the scan is marked as Finished.
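The submission and worker model described above, as an added example that is not ScanSuite's own code: it parses a comma- or newline-separated target list, queues every (target, scanner) pair against a bounded pool of workers that each handle one job at a time, and reports Finished only when every pair has completed. The names (`parse_targets`, `ScanRun`, `run_scan`), the scanner labels and the sample URLs are assumptions made for illustration.

```python
"""Added example (not ScanSuite's own code): a model of a Dynamic Scanning
submission. Names, the job model and the sample input are assumptions."""
from __future__ import annotations

import itertools
import threading
import time
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Callable
from urllib.parse import urlsplit


def parse_targets(raw: str) -> list[str]:
    """Split a comma- or newline-separated list into unique http(s) URLs.

    Order is preserved and duplicates dropped so a target is never queued
    twice against the same scanner; non-http(s) entries are rejected loudly.
    """
    seen: set[str] = set()
    targets: list[str] = []
    for entry in raw.replace(",", "\n").splitlines():
        url = entry.strip()
        if not url:
            continue
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError(f"not an http(s) URL: {url!r}")
        if url not in seen:
            seen.add(url)
            targets.append(url)
    return targets


@dataclass
class ScanRun:
    """One submission: every target is queued against every chosen scanner."""

    product_id: str
    targets: list[str]
    scanners: list[str]
    finished: set[tuple[str, str]] = field(default_factory=set)
    _lock: threading.Lock = field(default_factory=threading.Lock,
                                  repr=False, compare=False)

    def jobs(self) -> list[tuple[str, str]]:
        # Full target x scanner matrix; the run is complete only when all are done.
        return list(itertools.product(self.targets, self.scanners))

    def record(self, job: tuple[str, str]) -> None:
        with self._lock:
            self.finished.add(job)

    @property
    def status(self) -> str:
        return "Finished" if self.finished == set(self.jobs()) else "Running"


def run_scan(run: ScanRun, workers: int,
             scan_one: Callable[[str, str], None]) -> str:
    """Dispatch jobs to `workers` parallel workers, one job per worker at a time."""
    if workers < 1:
        raise ValueError("need at least one worker")
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = {pool.submit(scan_one, t, s): (t, s) for t, s in run.jobs()}
        for fut, job in futures.items():
            fut.result()  # re-raise a scanner failure instead of marking the job done
            run.record(job)
    return run.status


def demo(workers: int) -> tuple[str, int, int]:
    """Run a constructed submission with a fake scanner; return (status, jobs, peak)."""
    # Constructed sample input, as it would be typed into the Dynamic Scanning form.
    raw = "https://shop.example.test, https://api.example.test\nhttps://shop.example.test"
    run = ScanRun(product_id="42", targets=parse_targets(raw),
                  scanners=["web-scanner", "dirbuster", "gobuster"])  # assumed labels
    lock, active, peak = threading.Lock(), 0, 0

    def fake_scan(target: str, scanner: str) -> None:
        nonlocal active, peak
        with lock:                       # count jobs in flight; peak <= workers
            active += 1
            peak = max(peak, active)
        time.sleep(0.05)                 # stands in for the real scanner's run time
        with lock:
            active -= 1

    status = run_scan(run, workers, fake_scan)
    return status, len(run.jobs()), peak


if __name__ == "__main__":
    for n in (1, 3):
        status, jobs, peak = demo(n)
        print(f"workers={n}: status={status}, jobs={jobs}, peak_parallel={peak}")
```

Running the demo with one worker and then three shows the same six jobs being worked through serially and then in parallel, which is the effect of raising the worker count under Administration > Setup Parameters and Services. A job that raises is not recorded, so a run with a failed scanner stays in Running rather than being reported as Finished.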

Results from Dirbusting or Gobuster scans are not exported to DefectDojo, because their output is a list of discovered paths rather than vulnerability findings.

To review the discovered paths, download the report after the scan completes and look through the included findings.