Note: This information applies when WAS 1.0 is enabled for your subscription.
When defining a web application scan, select the target web application and scan settings.
Select the web application that you want to scan from the menu provided. The web applications that you have access to are listed.
The web crawler crawls a web application under a single host name or IP address and follows links to domains for multi-site support, as defined for the web application settings. The application can consist of a single physical host or multiple identical hosts behind a single load-balanced server.
Select an option profile to apply to the web application scan.
You can either accept the application's default profile or select a profile from the list. The default profile appears as "Default (profile title)". If no default web application profile has been defined, the default appears as "Default (None)". In this case, click View to display the available profiles.
After making a selection, click View next to the web application profile to view information about it.
The first time you scan a particular web application, it's recommended you launch a discovery scan. When running a discovery scan, the scanning engine performs web crawling only (not vulnerability testing). This is a good way to understand where the scan will go and whether there are URIs you should blacklist for the web application.
Authentication to HTML forms is optional for a web application scan. Select an authentication record to apply to the scan if authentication is desired. The menu displays all authentication records defined for the selected web application. By default, no authentication record is selected.