Select Core to scan for the WAS core set of web application vulnerabilities in the KnowledgeBase.
Select Categories and choose the desired predefined vulnerability categories to define the detection scope.
Select Custom Search Lists to use static or dynamic search lists to define the detection scope. You can select search lists to include and/or search lists to exclude.
Select XSS Power Mode to run a specialized scan that performs comprehensive tests for cross-site scripting vulnerabilities.
Select Everything to scan for all the web application vulnerabilities in the KnowledgeBase.
You may select one or more types of sensitive content detection. Your options are:
Credit Card Numbers - Check for sensitive content based on credit card numbers.
Social Security Numbers - US Format - Check for sensitive content based on social security numbers.
Custom - Check for sensitive content based on custom patterns you specify. Sensitive content for custom checks may be specified as strings and regular expressions in the field provided. You can enter a maximum of 10 custom checks, where each check appears on a separate line. An entry for a single check must be a minimum of 5 characters and a maximum of 100 characters.
Important: Sensitive content detection will be performed only when you scan for QID 150016. If you select Custom in the Detection Scope settings, you must add an "Include" search list that includes QID 150016.
You can specify keywords in the form of strings and regular expressions when creating or editing an Option Profile to search for URL links that contain the specified keyword. Currently, we search for keywords only in the internal links that are found in the crawling phase for each target application in a Discovery/Vulnerability scan. You can enter a maximum of 10 keywords, where each keyword appears on a separate line. A keyword should be 5 to 200 characters long.
All the unique links that contain the specified keywords are shown under information gathered QID 150141 in the WAS scan and web application reports. Note that we show the crawled links under QID 150009.
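The following is an added example, not part of the product documentation or its tooling: a local pre-check for the custom sensitive content field and the keyword field, applying the entry limits stated above and previewing which unique links a keyword list would match. The function names, the example.test links, the use of Python's re module in place of the scanner's regex engine, and the "match anywhere in the link" semantics are assumptions.

```python
import re

# Field limits as stated on this page: (max entries, min length, max length).
LIMITS = {"sensitive_content": (10, 5, 100), "keyword": (10, 5, 200)}

def validate_entries(text, kind):
    """Split a one-entry-per-line field value; return (valid_entries, errors)."""
    max_entries, min_len, max_len = LIMITS[kind]
    entries = [line.strip() for line in text.splitlines() if line.strip()]
    errors, valid = [], []
    if len(entries) > max_entries:
        errors.append(f"{len(entries)} entries, maximum is {max_entries}")
    for number, entry in enumerate(entries, 1):
        if min_len <= len(entry) <= max_len:
            valid.append(entry)
        else:
            errors.append(f"entry {number}: length {len(entry)} not in {min_len}-{max_len}")
    return valid, errors

def to_pattern(entry):
    """Compile an entry as a regex; fall back to a literal string match.
    Assumption: Python's re stands in for the scanner's own regex engine."""
    try:
        return re.compile(entry)
    except re.error:
        return re.compile(re.escape(entry))

def preview_matches(entries, links):
    """Unique links containing any entry, in first-seen order (assumed semantics)."""
    patterns = [to_pattern(e) for e in entries]
    matched = []
    for link in links:
        if link not in matched and any(p.search(link) for p in patterns):
            matched.append(link)
    return matched

# Constructed sample input: a keyword field value and crawled internal links.
SAMPLE_KEYWORDS = "admin\n/api/v[0-9]+/\ntmp\n"
SAMPLE_LINKS = [
    "https://app.example.test/admin/login",
    "https://app.example.test/api/v2/users",
    "https://app.example.test/admin/login",
    "https://app.example.test/about",
]

if __name__ == "__main__":
    valid, errors = validate_entries(SAMPLE_KEYWORDS, "keyword")
    print("errors:", errors)
    print("links that would be listed:", preview_matches(valid, SAMPLE_LINKS))
```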