⚠️ We always err on the side of caution and recommend scanning test environments, or those connected to a test harness. Though we don't recommend it, if you want to add admin credentials to a production target, please read this article first: Adding an admin user when adding Authentications
If you have an unauthenticated web app, choosing to add an external web application target will automatically assign an application license and kick off our web app scanner on your next scan.
For more information, please see these articles:
Throughout this example we will be using 178.79.154.6, where we are hosting our test application; you may use a fully qualified domain name (FQDN) or an IP address.
Adding a target
Head to the Targets page and click + Add Targets > External web application:
You can then add the Target and Entrypoint URL, and any Tags you'd like to assign:
You'll then have a chance to add an API schema and/or authentication. If you choose Skip for now, you can add these later, and the target will be scanned from an unauthenticated perspective:
Once you've added your target and optionally added a tag and any authentication or API schemas, you will see it appear in your targets list:
If you click on the target name you will be taken to the Target Details page, where you can view more information about the target. If you click the 'Authentications' tab, you'll see a button inviting you to 'Add authentication'. Give it a click.
Adding authentications
Once you've clicked the '+ Add authentication' button, the + Add button will allow you to add Authentications.
Once you click on + Add you will be presented with the following modal, which will allow you to choose which authentication type you would like to add:
To keep this user guide concise, we have created separate help guides for each of the authentication types, which you can access by clicking the hyperlinks below:
Starting a scan
Once you've added any needed authentications to your targets you can start a scan as you normally would.
Go to the Scans page and click Scan Now. Select the targets you would like to scan and name the scan. If you're only interested in your web ports (ports 80 and 443 over TCP), click the Default Web Ports Only toggle (as shown below).
Please note that when you start a scan, all authentications will be tested; there is currently no way to specify which authentications to include in the scan. This means that if you have 4 authentications assigned to the target, all 4 authenticated scans will be started against it.
Once you're happy, click the Start Scan button. You'll see that the scan has started and it will be listed under the In Progress section of the Scans page.
Please note that the progress bar is an approximation, but it will become more accurate the more scans you run.
If you ever see "Analyzing Results", don't worry: it just means that our team is manually reviewing the results to make sure they're accurate.
One last point: authenticated web app scans can take significantly longer to run than normal infrastructure scans, so don't panic if it's been a few hours.
Reviewing results
Once the scan has finished and the results have been published, you'll be able to see all of the findings on your Issues page. Here you'll have the option to filter by tag, target, severity, and internal or external. You also have the ability to sort by severity or by number of occurrences:
Clicking on an issue will allow you to see all occurrences, as well as the Description and Remediation advice. You also have the facility to snooze an issue or occurrence, send it to a dev tool of your choice (if you have the appropriate integration set up), and review the raw scanner output (which is helpful for those looking for some extra detail).
Downloading a report
We have just the article for that.
Please note that authenticated web app scanning is only available to those with Application licenses. If you'd like to learn more about this, head to the chat bot and ask to speak with a member of the team.