Web applications can run a variety of ports, hence, it is possible to configure Application Scanning to scan on any ports. The default is that Application Scanning will scan port 80 and 443.
In order to see which ports were assessed during the scan, we provide a finding titled “Discovered Hosts”, which you can find in the results.
Scanning other ports than 80 and 443
Avoid scanning port 80 and/or 443
There's a toggle in the Application Scanning settings called "Should we scan common ports?". When this setting is on, our scanner checks against a range of commonly exposed ports, which include standard ports such as 80, 443, 8080, 8081, as well as ports related to specific technologies, such as 3000, 5432, 7001.
This port scanning might be interpreted as intrusive by WAFs, so we recommend to keep this setting off, and to specify the ports Application Scanning should scan with the settings
Q: Do I need to include ports 80 or 443 in order to run a scan?
A: There is no need to include either ports 80 or 443. For example, your web application can run on 8080, and simply including that, and disabling scanning common ports will allow proper scanning of the application.