A user's permission to launch a scan and view scan results depends on the user's account settings. The user's role (Manager, Unit Manager or Scanner) determines whether the user can launch scans and edit schedule settings. The user's scope determines which web applications, option profiles, and scanner appliances are available to the user.
Our KnowledgeBase of vulnerabilities is the largest in the industry and it is available to you at all times. Multiple sources contribute to updating the KnowledgeBase on a continuous basis, including the research of our own Security Engineers. When you launch a vulnerability scan, we'll check for all vulnerabilities if you choose the option profile called "Initial WAS Options". Want to limit the scan to certain vulnerabilities? No problem, just update your option profile before you launch your scan. Go to the KnowledgeBase and create a search list (this is a list of vulnerability QIDs), then edit the option profile you'll use for the scan and select the search list.
Each vulnerability in the KnowledgeBase is assigned a unique ID (QID), a type (vulnerability, potential vulnerability, information gathered) and additional information for classification and tracking.
Enable the ScanTrust option to scan a web application protected by a WAF. This gives you visibility into vulnerabilities that are not yet fixed in the application but are currently blocked by the WAF.
The scan status appears in scan results and reports, and you can see the status of your running and completed scans in the Status column of the scans list. To track the progress of a running scan, hover over the scan in the scan list and choose View from the menu.
The scan view gives you a better picture of scan progress by showing the scan phases along with the status. Once the scan is launched, go to the Quick Actions menu and select View. You can see the progress of each phase the scan goes through before it is completed.
The scan view also includes a progress bar showing the time elapsed since the scan was launched, so you can see at a glance how long the scan has been in progress.
Scan statistics help you analyze your scan. Once the scan reaches Finished status, select View from the Quick Actions menu to see the scan statistics. We also display Ajax Links Crawled, Request Crawled, Timeout Errors and Unexpected Errors for the scan.
You'll know when the scan status shows Finished. At this time you can select View from the Quick Actions menu to see an overview of the scan. Then click the View Report button to launch a report of the scan details. If you have notifications turned on you'll get an email. This is especially useful if you logged out of the application or went on to do other things while the scan was running.
The scan preview and results tell you whether authentication was successful. If authentication was successful, the authentication record name appears in green. If not successful, the name appears in red.
Yes. In fact it's best practice to set up scheduled scans so that scans run automatically and you receive scan results on a regular basis - daily, weekly or monthly. Regular scan results give you the most meaningful reports and help you lower security risk. Simply go to Scans > Schedules and click New Schedule.
Can I deactivate a schedule?
Yes. Just edit the schedule and select Deactivate in the Scheduling Options to suspend scheduled scanning for reasons like maintenance or during holiday season blackout periods. You can reactivate a deactivated schedule at any time by deselecting the Deactivate option.
Can I download my schedules to iCalendar?
Yes, it's easy. Just hover over the schedule in the schedules list and select "Download as iCalendar" from the Quick Actions menu.
We'll download an ICS file to your local file system and you can import the calendar file into any calendar application that supports iCalendar, such as Microsoft Office Outlook, Lotus Notes, Google Calendar and Apple iCal.
Yes, you can cancel an unfinished scan (including a child scan in a multi-scan). Just select the scan in the scans list and choose Cancel from the menu. Results will not be returned for scans canceled in this way. To return results for a cancelled scan, we recommend using the cancel setting when launching or scheduling your scan. (Note: the Cancel Scan option is enabled only after the scan has been in Running status for 20 minutes.)
Choose the Scan Cancel option to cancel a scan automatically after some period of time - a number of hours, or at a specific time. You can choose the Cancel Option for a new scan, child scan of a multi-scan and a scan schedule, and for a web application's default scan settings.
Yes, you can use the Cancel Scan with Results option from the Quick Actions menu to cancel an unfinished scan and then retrieve the partial scan results. (Note: the Cancel Scan with Results option is enabled only after the scan has been in Running status for 20 minutes.)
To view the partial data retrieved by the unfinished scan, click View Report from the Quick Actions menu for scans with Canceled With Results status. The Cancel Scan with Results option is available for a child scan in a multi-scan as well.
You can download the finished scan results in legacy XML from the scans list. Legacy XML is the scan results format created using WAS v1. Go to Scans > Scan List, hover over a scan row and choose Download from the Quick Actions menu. You can view results of a finished scan by choosing View from the Quick Actions menu. You'll see an overview of the scan. Here you can click the View Report button to launch a report of the scan details.
Yes. Identify the scan you want to run again and choose Scan Again from the Quick Actions menu. We'll do our best to pre-fill the scan settings to match the original scan. We may not be able to pre-fill settings if there were changes in your account, for example if the option profile was renamed. Interested in automated scanning? Go to the Schedules tab and set up a recurring scan schedule for continuous monitoring.
The scan sitemap gives you an interactive view of scan results for a single web application. Just select a scan (from the scans list) and then View Sitemap from the Quick Actions menu. The sitemap lets you explore pages/links scanned, links crawled, vulnerabilities and sensitive content detected, and drill down to see information on nested links. You can select links found to take these actions: create new web applications, and blacklist/whitelist links for the target web application.
You can run reports on your scan when the status in the scan list is shown as Finished. Just choose View Report from the Quick Actions menu.
By default, scan results are Never Deleted. Scan owners have the option to set a storage limit of 1 to 13 months. You define scan storage settings in the WAS application.
How do I configure scan storage?
Choose Web Application Scanning from the application picker and go to Scans > Defaults. Click Edit to define your scan storage settings.
Select the "Automatically delete scan results after __ months" check box to define the scan storage settings.
You can tell how each scan was launched by looking at your scan list. You'll see one of these launch modes for each scan: on demand, scheduled or API. The preview pane also shows the launch mode.
The preview pane appears under the scans list when you click a row in the Scans section. The preview displays the target web application, the user who launched the scan and the date and time when the scan was launched and other details. The authentication record name appears in green if successful, in red if not successful. For a discovery scan you'll see the crawling time and number of pages discovered. For a vulnerability scan you'll see the number of vulnerabilities detected and a breakdown of vulnerabilities by severity level. Tip - Hover over the authentication record name for more information.
You'll see the status of detected vulnerabilities in Scan Reports. We continuously update the status of detected vulnerabilities in your account, based on the most recent scan results. Each vulnerability instance is assigned a status - New, Active, Fixed or Reopened.
What does the status mean?
New - The first time a vulnerability is detected by a scan the status is set to New.
Active - A vulnerability detected by two or more scans is set to Active.
Fixed - A vulnerability was verified by the most recent scan as fixed, and this vulnerability was detected by the previous scan.
Reopened - A vulnerability was reopened by the most recent scan, and this vulnerability was verified as fixed by the previous scan. The next time the vulnerability is detected by a scan, the status is set to Active.
Protected - A vulnerability that is blocked for an application protected by WAF.
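The status rules above form a small state machine driven by whether each successive scan detects the finding. The following Python is an added illustration, not Qualys code, that walks a finding through that lifecycle; it models only the four transitions the text defines (New, Active, Fixed, Reopened) and assumes, as a labelled assumption, that a finding not seen again after Fixed simply stays Fixed. The Protected status (WAF-blocked) is not modelled.

```python
from typing import List, Optional

NEW, ACTIVE, FIXED, REOPENED = "New", "Active", "Fixed", "Reopened"


def next_status(previous: Optional[str], detected: bool) -> Optional[str]:
    """Status of a vulnerability instance after one more scan.

    previous: status after the prior scan, or None if no scan has detected it yet.
    detected: True if the most recent scan detected the vulnerability.
    """
    if previous is None:
        # First detection sets New; an undetected, never-seen finding has no status.
        return NEW if detected else None
    if detected:
        # Detected again after being verified fixed -> Reopened.
        if previous == FIXED:
            return REOPENED
        # Detected by two or more scans (including after Reopened) -> Active.
        return ACTIVE
    # Not detected by the most recent scan: New/Active/Reopened were all
    # "detected by the previous scan", so the finding is verified Fixed.
    # Assumption: a finding that stays undetected after Fixed remains Fixed.
    return FIXED


def status_history(detections: List[bool]) -> List[Optional[str]]:
    """Replay a sequence of scan outcomes and return the status after each scan."""
    status: Optional[str] = None
    history = []
    for detected in detections:
        status = next_status(status, detected)
        history.append(status)
    return history


if __name__ == "__main__":
    # Constructed example: detected, detected, fixed, regressed, still present.
    for i, s in enumerate(status_history([True, True, False, True, True]), 1):
        print(f"scan {i}: {s}")
```

Each scan result is just a boolean, so you can feed the function the detection history of any finding exported from your reports and reproduce the status column.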
You can troubleshoot most scan problems by viewing the QIDs in the scan results.
You might see this error reported for a web application scan.
Our WAS application is the most scalable web application scanning solution available. We've enhanced the ability to support large web application scanning programs by adding the ability to scan any number of web applications as a Multi-Scan. This feature enables you to scan hundreds or even thousands of web applications you may have in your organization with granular insight into what scans are running and which ones are complete.
A couple things to consider...
- Take advantage of our asset tagging to categorize applications and you can scan them together - just select the tags for your scan. Don't have time to tag your applications? No problem - you can pick and choose application names.
- For a Multi-Scan that's finished, you have the option to delete some or all of the individual (child) scans. If you've deleted individual scans and none are left, we'll ask you whether you want to keep the parent Multi-Scan or delete it (in this case the parent is empty and has no scan results associated with it).
- To relaunch only a few of the child scans, go to Scans > Scan List and select the multi-scan, then click View Scans from the Quick Actions menu. Select the required child scans and then choose Scan Again from the Actions menu. The title for such scans is in the format: Relaunch [original scan name] <DATE> <TIME>
- You'll see a Multi-Scan icon next to the scan status to indicate that the current scan is a Multi-Scan. After the scan is completed, if you see the alert icon, it indicates that one or more child scans ended in "Error" status or some other problem occurred in the Multi-Scan itself.
The alert icon is displayed for the following conditions:
- one or more scans within the multi-scan end with "Service Errors Detected"
- any of the child scans ends with "Error" scan status
- none of the child scans end with "Finished" status
- all slices end with one of these statuses: No Host Alive, No Web Service, Time Limit Reached (green), Scan Not Launched, Scanner Not Available
- the multi-scan reached its designated cancel time while child scans were still in "Submitted" status. When this occurs, the slices that were in Submitted status get a final status of "Time Limit Reached" shown in orange.
Note: The alert icon is NOT shown if one or more scans within the multi-scan end with "Canceled" or "Canceled with Results".
Enhanced Crawling: Enabling enhanced crawling in the option profile used for your scans improves scan coverage for your web application. With enhanced crawling enabled, more links can be crawled: we re-crawl the individual directories present in the links found during crawling.
You can easily configure default values for scans at the user level. You can configure the number of months for which you want to retain scan data and the default format of the scan title. User default settings always override the subscription default settings.
Simply go to Scans > Defaults to view the current settings. Click Edit to change the values and save your changes.
By default, we use form field names to calculate form uniqueness. Select the "Form Crawl Scope" option and we'll use the form action URI along with the form fields when calculating form uniqueness.