Workflow for advanced users
This workflow can help users with experience in the field of web security achieve a more thorough scan.
The success of the Test stage, and therefore of the scan itself, depends on the coverage achieved during the Explore stage. If the Explore stage misses important parts of the application logic, the Test stage will not be able to reveal important vulnerabilities that might exist. Following this workflow can help you improve Explore stage coverage.
Task |
Description |
---|---|
1. Initial Configuration |
Using the wizard or the Scan Configuration
dialog box:
For a fuller description of this step, see Initial Configuration |
2. Explore Only |
Run an initial Automatic Explore:
For a fuller description of this step, see Initial Automatic Explore |
3. Improve site coverage manually using the browser |
Add URLs which Automatic Explore missed:
For a fuller description of this step, see Improve site coverage manually |
4. Continue Explore Only |
With the new data you have provided trough
the Manual Explore, Automatic Explore will probably be able to explore
the application more thoroughly. Note: Click > Continue Automatic Explore (or Scan > Explore Only), to preserve the
initial Explore results and the Manual Explore data. Do not click Re-Scan > Re-Explore, as this will delete the existing
data. |
5. Evaluate Explore results |
Review the results so far, to see if the
application logic has been well covered by the exploring done so far. Note: If you make any configuration changes, you should run Automatic Explore
again (Scan > Re-Explore). For a fuller description of this step, see Evaluate Explore results |
6. (If needed) Additional configuration |
There are some additional configuration options that you should consider if application coverage so far is not sufficient. For a fuller description of this step, see Additional configuration |
7. Test stage |
Click Test Only to proceed with the Test stage, completing the scan. |