Continuous security scans are important as new hacking techniques pop up more and more often and lots of vulnerabilities are disclosed every day. We update Application Scanning frequently and when major events happen (such as Heartbleed or log4shell), we typically release security tests within a few hours to make sure the latest vulnerabilities are included in your test, helping you keep your website secure.
With scheduling you can:
run recurring scans starting at a specific date and time, on a daily, weekly, biweekly and monthly basis,
run scans upon release of new Application Scanning versions,
run a single scan at a specific date and time.
In order to keep your website continuously secure, we recommend scheduling Application Scanning on a weekly basis at the minimum. You can set up schedules in the Detectify tool or using the Detectify API.
Scheduling in the Detectify tool
You can set up scheduling for Application Scanning in the Scan Profile settings, which you can reach by
selecting the Next scan time in the Application Scanning page, or
selecting additional actions for the Scan Profile in the Application Scanning page, or
selecting the “cogwheel” in the Scan Profile results.
Edit “How often do you want to run a scan” to schedule either a single scan or recurring scans. Toggle “Scheduled scan” to run a single scan, where you can select the date and time of when to start the scan. Toggle “Recurring scans” to set a recurring scan, and select the frequency from the dropdown. For recurring scans the date and time of the first scan is also the one set under “Scheduled scan”.
Edit “Should we automatically start a scan when new security tests are added?” to schedule scans when new versions of Application Scanning are released by toggling “Start scan”.
Scheduling in the Detectify API
In order to set up Application Scanning in the API, you need to create an API key.
You can schedule single or recurring scans using the API by sending a POST request to https://api.detectify.com/rest/v2/scanschedules/{scanProfileToken}/ with the following request body:
{
"frequency": "string",
"start": "string"
}
“Start” specifies the date and time of the first scan, while “frequency” can be once for a single scan or daily, weekly, biweekly or monthly for recurring scans. For more information, please refer to the API documentation.
FAQ
Q: Is it possible to have both recurring scans and also scan when a new version is released?
A: Yes, you can simply enable both settings, and we will start scans on both occasions.
Q: What if a scan is already running when a scan is supposed to start?
A: As you can only run a single scan at a time with a Scan Profile, we will not start a new scan when a scan is already running, even if it is scheduled. The schedule will simply resume at the next time.
Q: I want to perform scanning at a specific time interval, when my website’s traffic is low, is that possible?
A: Due to the nature of Application Scanning, it’s not possible to constraint the scan to a time interval, as it may not complete all security tests. In case the scan needs to stop at a specific time, you can stop the scan, which you can automate using the API.