If you would like to customise your scan, you can adjust a variety of settings in Deep Scan Settings. Additional settings can be found under Scan Profile Settings or Deep Scan Authentication options.
Deep Scan Settings allow you to:
- decide if we should crawl your subdomains by enabling or disabling subdomain scanning (What should we scan?)
- avoid the subdomains (Which subdomains should we avoid?)
- avoid and include paths (Which paths/URLs must we include? & Which paths/URLs must we avoid?)
- avoid and include ports (Which ports must we include? & Which ports must we avoid?)
- record custom user behaviour: Professional and Enterprise plans only (Should we use any custom user behaviour?)
- block analytics services (Which predefined analytics services should we avoid?)
- use custom user agents (Which User Agent/device should it identify as?)
- set custom headers and cookies (Which custom headers should always be sent? & Which custom cookies should always be sent?)
- set request limits (How many requests per second should we send at most?)- disable any of our OWASP 2017 tests (Which OWASP Top 10 categories should we test for?)
To make adjustments to your scan, choose your scan profile, navigate to Scan Profile Settings and open Deep Scan Settings.