Scan Expert modules
A table of Scan Expert modules and their descriptions.
The list is arranged in the order that the modules run. If there is a conflict between the recommendations of two or more modules, the one lower in the list prevails.
If you add a module of your own, it is added to the bottom of the list, so that if there are conflicts with existing modules, your new module will prevail.
If necessary you can use the up and down arrows to promote and demote modules in the list.
Module |
Description |
---|---|
Parameter-Based Navigation Site Detection | Checks if the application uses parameter-based navigation, and helps configure the scan correctly for this. |
Server Authentication | Checks for missing or failed NTLM and HTTP Authentication details. |
Proxy server | Checks that no Proxy Connection or Authentication errors occurred. |
Client-Side Certificate | Detects whether a client certificate is required. |
Missing Recorded Login | If the scan is configured to detect login pages automatically, alerts user when no such page is detected. |
Detect AJAX Frameworks | Looks for markers of common AJAX Frameworks, which require JavaScript execution. |
Detect Session IDs | Checks whether Session IDs were found for the automatic or recorded Login Sequence. |
Unfilled Forms | Detects unfilled forms. |
Detect Untested Servers | Detects links to servers other than the Starting URL server, in the same domain as the Starting URL. If such links are found, the module will recommend adding to the list of Additional Servers and Domains (Configuration > URL and Servers). |
Communication Timeout | Evaluates the accuracy of the Communication Timeout configuration. |
Number of Threads | Assesses the ability of the application to withstand multiple scanning threads |
Detect Error Pages | Detects custom error pages in the application. |
Case Sensitive Path | Checks web application server for case sensitivity. |
Suspicious URL | Detects suspicious URLs that should probably be excluded from the scan. |
Logout Link Missing | Detects Logout pages. |
Depth Limit | Checks if links are unreachable, due to depth limit. If so, it may suggest that depth limit be increased or disabled. |
Detect Flash Objects | Detects the use of Flash within the web application. |
web Services | Detects the existence of web services in the application. |
Check Environmental Settings | If any global questions exist in the Environmental Settings tab, alerts the user if none of these questions have been answered. |
WebSphere Portal Detection | Checks if the tested application is based on WebSphere Portal. |
Scan Expert Evaluation | Checks whether Scan Expert evaluation was performed successfully. |
Hacme Bank Detection | Checks if tested application is McAfee Foundstone Hacme Bank |
WebGoat Detection | Checks if tested application is OWASP's WebGoat |