Launching Web Application Vulnerability Scans

Note: This information applies when WAS 1.0 is enabled for your subscription.

Launch a web application vulnerability scan to find out whether your web application has vulnerabilities and to view scan results showing detected vulnerabilities, sensitive content data, and information gathered data. After the scan is finished, you have the option to generate reports based on the most recent scan data in your account to assist you with the remediation process.

The instructions below describe how to launch a web application vulnerability scan and cancel a scan in progress. Note that it’s not possible to pause and resume web application scans.

Note that for the first scan of a web application, it's recommended you launch a discovery scan. When running a discovery scan, the scanning engine performs web crawling only. This is a good way to understand where the scan will go and whether there are URIs you should blacklist for the web application. See Launching Web Application Discovery Scans.

Before you begin, be sure that configurations are available in your account. The target web application must be available on the web applications list (go to Web Applications under Tools). See Creating Web Applications for information. The web application profile to be used must be available on the option profiles list (go to Option Profiles under Tools). See Managing Web Application Profiles for information.

User Permissions: The web application scanning (WAS) module must be enabled for the subscription. Users other than Managers and the web application owner must be granted permissions to launch a web application scan. See Users and WAS Features.


To launch a web application vulnerability scan:

1. Select WAS Scan from the left menu. This navigation option is available when the web application module is enabled for the subscription and your account has permissions to launch web application scans.

2. Go to New > Scan > Vulnerability.

The Launch Web Application Vulnerability Scan page appears.

3. In the Title field, enter a title for the web application scan task. The title will appear in the scan complete email and the scan history list for quick identification.

4. From the Scanner Appliance menu (shown when there are scanner appliances in your account), select the scanner appliance to be used for the scan. Your options are: External (for scanning a web application on an external-facing network) or a scanner appliance name (for scanning a web application on an internal network).

5. Specify the target web application and settings for the scan. The settings include a web application title, a web application profile, and a web application record if authentication is desired. See Web Application Scan Settings for information on your options.

6. Click Launch to launch the web application vulnerability scan. A confirmation message appears to indicate that the scan has been launched.

The web application vulnerability scan appears on the scan history list, where you can track its status in the Status column. You can view the scan results when the scan is completed and the status is Finished. To do this, click the view icon next to the completed scan.

If you have an account with a Pay Per Scan service option, a confirmation appears with the number of web application scans remaining in your account and the number of web application vulnerability scans that may be used up by the task. See Pay Per Scan Accounts for more information.


To cancel a running web application vulnerability scan:

1. Select WAS Scan from the left menu.

2. Identify the scan you want to cancel (any scan with the status Running) and click the cancel icon. To cancel multiple scans, select the check box next to each scan you want to cancel, select Cancel from the Actions menu, and then click Apply.

3. A message appears asking you to confirm the action.

4. Click Yes.