Fine-tune your Application Scan Settings

If you would like to customise your scan, you can adjust a variety of settings in Application Scan Settings. Additional settings can be found under Scan Profile Settings or Application Scan Authentication options.

To make adjustments to your scan, choose your scan profile, navigate to Application Scan Profile Settings and open Scan Settings.

Scan Settings allow you to:

- decide if we should crawl your subdomains by enabling or disabling subdomain scanning (What should we scan?)

- avoid specific subdomains (Which subdomains should we avoid?)

- avoid and include paths (Which paths/URLs must we include? & Which paths/URLs must we avoid?)

- avoid and include ports (Which ports must we include? & Which ports must we avoid?)

- record custom user behaviour (Should we use any custom user behaviour?)

- block analytics services (Which predefined analytics services should we avoid?)

- use custom user agents (Which User Agent/device should it identify as?)

- set custom headers and cookies (Which custom headers should always be sent? & Which custom cookies should always be sent?)

- set request limits (How many requests per second should we send at most?)

- disable any of our OWASP 2017 tests (Which OWASP Top 10 categories should we test for?)
