Note: This information applies when WAS 1.0 is enabled for your subscription.
Create web applications to make them available as targets for web application scans. Before you launch a web application scan, the target web application must be defined in your account.
Please note:
• It is your responsibility to verify that you have permission to scan all web applications that you specify as scan targets.
• Once added, you cannot remove web applications from your account. Contact your account administrator or Technical Support to remove web applications.
User Permissions: The web application scanning (WAS) module must be enabled for the subscription. Users other than Managers must be granted permissions in order to create web applications. See Users and WAS Features.
1. Select Web Applications from the left menu, under Tools.
2. Go to New > Web Application.
3. In the General Information section, enter a title for the web application. Initially, the user who creates the web application is the owner by default. You can edit the web application after it is saved to change the owner.
4. Specify web application settings in these sections:
• Application Info. Define the web application by providing the target virtual host (IP address or host name), starting port and starting URI where the web crawling will start from. Select the multi-site support feature to allow the web crawler to follow links to certain domains in addition to the virtual host. You have the option to select a default web application profile that will be applied automatically when users launch or schedule a scan on the web application. Configuration settings defined in the profile may affect scan results.
• Authentication. Add, edit and delete web application authentication records that can be selected by users for scanning the web application. Each record identifies form authentication credentials and settings to be used for authentication when the web crawler encounters a login form.
• Black/White Lists. Setup a black list and white list for the web application. Important! Automated web application scanning has the potential of causing data loss. Use the black list feature to avoid data loss.
• Business Info. Provide information that describes the web application in business terms.
• Advanced. Select advanced options (optional) for the web application to select crawling hints, like robots.txt and sitemap.xml, and header injection.
• User Access. Add the users who will have access to the web application.
5. Click Save.