Web Application Sensitive Content

Note: This information applies when WAS 1.0 is enabled for your subscription.

For a web application scan, the scanning engine can check the web application pages it crawls for sensitive content, based on known patterns (such as credit card numbers and social security numbers) or on custom patterns you enter. The expression search mechanism can check for credit card numbers and social security numbers (United States only) while reducing false positives. The service does not collect credit card information or social security information.

The workflow for scanning a web application for sensitive content is as follows.

 


Step 1: Define a web application profile

Create a new web application profile or edit an existing one. Select search options in the web application profile: Credit Card Numbers, Social Security Numbers (United States Only), and/or Custom for user-defined custom patterns. Save the web application profile.

Managing Web Application Profiles

 


Step 2: Launch a web application scan

Define a web application scan and apply a web application profile that has sensitive content options selected.

Launching Web Application Discovery Scans

Scheduling Web Application Discovery Scans

Launching Web Application Vulnerability Scans

Scheduling Web Application Vulnerability Scans

 


Step 3: View web application scan results and reports

Information on sensitive content detections is provided in the web application scan results and reports. The service does not collect credit card information or social security information.

Web Application Scan Results

Running Web Application Interactive Reports

Running Web Application Scorecard Reports