If you would like to customise your scan, you can adjust a variety of settings in Deep Scan Settings. Additional settings can be found under Scan Profile Settings or Deep Scan Authentication options.
Deep Scan Settings allow you to:
- decide if we should crawl your subdomains by enabling or disabling subdomain scanning (What should we scan?)
- blacklist the subdomains (Which subdomains should we avoid?)
- blacklist and whitelist paths (Which paths/URLs must we include? & Which paths/URLs should we avoid?)
- blacklist and whitelist ports (Which ports must we include? & Which ports should we avoid?)
- record custom user behaviour: Professional and Enterprise plans only (Should we use any custom user behaviour?)
- block analytics services (Which predefined analytics services should we avoid?)
- use custom user agents (Which User Agent/device should it identify as?)
- set custom headers and cookies (Which custom headers should always be sent? & Which custom cookies should always be sent?)
- set request limits (How many requests per second should we send at most?)
- disable any of our OWASP 2017 tests (Which OWASP Top 10 categories should we test for?)
To make adjustments to your scan, navigate to Deep Scan Settings in your scan profile overview.