Note: This information applies when WAS 1.0 is enabled for your subscription.
For a web application scan, the scanning engine has the ability to check for sensitive content in the web application pages it crawls based on known patterns (such as credit card numbers, social security numbers) or based on custom patterns you enter. The expression search mechanism can check for credit card numbers and social security numbers (United States only) while reducing false positives. The service does not collect credit card information or social security information.
The workflow for scanning a web application for sensitive content is below.
Create a new web application profile or edit an existing one. Select search options in the web application profile: Credit Card Numbers, Social Security Numbers (United States Only, and/or Custom for user-defined custom patterns. Save the web application profile.
Managing Web Application Profiles
Define a web application scan and apply a web application profile which has sensitive content options selected.
Launching Web Application Discovery Scans
Scheduling Web Application Discovery Scans
Launching Web Application Vulnerability Scans
Scheduling Web Application Vulnerability Scans
Information on sensitive content detections is provided in the web application scan results and reports. The service does not collect credit card information or social security information.