Your application may behave differently to different devices trying to access it. A typical example of this would be a mobile and a desktop version of the same website. Different behaviors may hold different vulnerabilities. Some applications may even block content for some devices (e.g. due to lack of supported features), which can also include Detectify. For thorough assessment, we recommend running scans using all the different devices your application supports.
To change how your application identifies traffic from Application Scanning you can change the device in the Application Scanning settings. The device specifies what user agent to send in HTTP requests, and what screen size to use when crawling the application.
By default we use the user agent
Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/{token}
Visiting the provided link gives information about who started the scan and when. This link will be provided for all user agents so it’s always possible to identify the source of the traffic.
In addition to the Detectify device, you can
select from the predefined devices, which changes both user agent and screen size, or
add a custom user agent that is tailored to your needs, with the default screen size.
By adding your own custom user agent you can impersonate anything you want. In addition to a specific text, we also allow variables in the user agent, such as:
name of the Scan Profile: %scan-profile-name%
token of the Scan Profile: %scan-profile-token%
endpoint of the Scan Profile: %scan-profile-endpoint%
FAQ
Q: Does changing the device mean you run different HTML parser or Javascript engines?
A: Our goal is not to fully emulate a device, but rather convince your web application to respond with different behavior to the requests. Hence, we only change the user agent and the screen size.
Q: Can I use multiple devices in the same scan?
A: Throughout the same scan we use the same device. You can change the device between scans to trigger different behavior, or create multiple Scan Profiles with different devices to scan differently.