Launching Web Application Discovery Scans

Note: This information applies when WAS 1.0 is enabled for your subscription.

Launch a web application discovery scan to learn what parts of the target web application will be scanned for vulnerabilities in a future scan, including URLs and domains (FQDNs), and to test authentication. For a discovery scan, the service performs a crawl-only scan and does not perform any vulnerability assessment. With information from a discovery scan you may choose to change web application settings for black/white lists and authentication records.

For a discovery scan:

      No vulnerability checks are performed.

      Sensitive content checks are performed and findings are reported in your scan results.

      Information gathered checks are performed and findings are reported in your scan results.

      Using an account with the Pay Per Scan service option, a discovery scan does not decrease your scan quota.

The instructions below describe how to launch a web application discovery scan.

 

To launch a web application discovery scan:

1.    Select WAS Scan from the left menu. This navigation option is available when the web application module is enabled for the subscription and your account has permissions to launch web application scans.

2.    Go to New > Scan > Discovery.

The Launch Web Application Discovery Scan page appears.

3.    In the Title field, enter a title for the web application discovery scan task. The title will appear in the scan complete email and the scan history list for quick identification.

4.    From the Scanner Appliance menu, select a scanner appliance to be used for scanning when there are scanner appliances in your account. Your options are: External (for scanning a web application on an external-facing network) or a scanner appliance name (for scanning a web application on an internal network).

5.    Specify the target web application and settings for the scan. The settings include a web application title, a web application profile, and a web application record, if you want to test the validity of authentication records. See Web Application Scan Settings for information on your options.

6.    Click Launch to launch the web application discovery scan. A confirmation message appears to indicate that the scan has been launched.

The web application discovery scan appears on the scan history list where you can track its status in the Status column. You can view the scan results when the scan is completed and the status is Finished. To do this, click the view icon next to the completed scan.

If you have an account with a Pay Per Scan service option, note that web application discovery scans do not decrease the number of web application scans remaining in your account.

 

To cancel a running web application discovery scan:

1.    Select WAS Scan from the left menu.

2.    Identify the scan you want to cancel (any scan with the status of Running), and click the cancel icon. To cancel multiple scans, select the check box next to each scan you want to cancel and then select Cancel from the Actions menu. Then click Apply.

3.    A message appears asking you to confirm the action.

4.    Click Yes.