Before starting a scan, you can choose which security issues to test for.
On the main page, click Change scan config to open the scan configuration. In the Tests tab you can select individual security tests.
You can also pick a predefined set of tests with the Test Profile. The following predefined profiles are available:
- No Test
- Default
- OWASP Top 10
- Passive
- Headers Security
- High Impact
Test for all security issues
The Default test profile of the scan config includes tests for all security issues except Denial of Service (DoS) tests. A default scan therefore says nothing about whether the target can be knocked over; DoS tests have to be enabled deliberately in the Tests tab, and only against systems you are authorised to disrupt.
Test for OWASP top ten web application security risks
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
Select OWASP Top 10 as the test profile of the scan config to check for all vulnerabilities in the OWASP Top 10.
This profile covers both the 2017 and 2013 editions of the OWASP Top 10.
Scan websites passively
A passive scan detects security issues that can be identified by browsing the website normally. No malformed request is sent to the server, so the risk of DoS or any other damage to the backend is minimal, and the scan is much less likely to be blocked by a WAF. The trade-off is coverage: issues that only show up when the application is fed crafted input (injection flaws, for example) cannot be detected passively.
💡 Also read Why you should use passive vulnerability scan on your website.
Select Passive as the test profile to perform a passive scan.
Test Security of HTTP Headers
A well-configured set of security-related HTTP headers (such as Strict-Transport-Security, Content-Security-Policy and X-Frame-Options) hardens a web application against a whole class of client-side attacks. Getting the values right takes repeated testing, because a misspelled header name or a malformed value is simply ignored by browsers and provides no protection at all. SmartScanner has a dedicated test profile to fast-track this process, so you can test, adjust and re-test the headers quickly.
💡 Also read Complete guide to HTTP Headers for securing websites (Cheat Sheet).
Select Headers Security as the test profile to perform a full HTTP headers security scan.
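The following script is an added example, not SmartScanner's own code, and it illustrates both the passive-scan idea above and what a headers security check looks like under the hood: one ordinary GET is issued (or, offline, a constructed set of response headers is used) and every finding is derived purely from the response headers, so nothing malformed ever reaches the server. The header checklist, the severity labels and the threshold values are assumptions chosen for the example and are not the scanner's actual rule set; the sample headers are constructed, not captured from a real site.

```python
"""Passive audit of HTTP security headers (added example, not SmartScanner code).

Every finding comes from the headers of one normal GET response, so no malformed
request is sent. The checklist and thresholds below are an assumed baseline.
"""
from __future__ import annotations

import re
import urllib.request
from typing import Callable, Mapping

ONE_YEAR = 31536000  # minimum HSTS max-age (seconds) expected by hstspreload.org


def hsts_ok(value: str) -> bool:
    m = re.search(r"max-age=(\d+)", value, re.I)
    return m is not None and int(m.group(1)) >= ONE_YEAR


def csp_ok(value: str) -> bool:
    # A policy with no default-src/script-src, or one that allows 'unsafe-inline'
    # scripts, barely restricts anything: treat it as weak.
    low = value.lower()
    return ("default-src" in low or "script-src" in low) and "'unsafe-inline'" not in low


def xfo_ok(value: str) -> bool:
    return value.strip().upper() in ("DENY", "SAMEORIGIN")  # ALLOW-FROM is obsolete


def nosniff_ok(value: str) -> bool:
    return value.strip().lower() == "nosniff"


def referrer_ok(value: str) -> bool:
    return value.strip().lower() in (
        "no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin",
    )


# (header, predicate on its value, remediation advice) -- assumed baseline
REQUIRED: list[tuple[str, Callable[[str], bool], str]] = [
    ("Strict-Transport-Security", hsts_ok, "set max-age to at least one year"),
    ("Content-Security-Policy", csp_ok, "define default-src/script-src without 'unsafe-inline'"),
    ("X-Frame-Options", xfo_ok, "use DENY or SAMEORIGIN (or CSP frame-ancestors)"),
    ("X-Content-Type-Options", nosniff_ok, "set to nosniff"),
    ("Referrer-Policy", referrer_ok, "use strict-origin-when-cross-origin or stricter"),
]
# Headers whose mere presence tells an attacker which stack you run.
DISCLOSING = ("X-Powered-By", "X-AspNet-Version", "X-AspNetMvc-Version")


def audit_headers(headers: Mapping[str, str], https: bool = True) -> list[tuple[str, str, str]]:
    """Return (severity, header, finding) tuples for one response's headers.

    Lookup is case-insensitive. Browsers ignore HSTS on plain-HTTP responses, so
    the HSTS check is skipped when https=False rather than reported as a false positive.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    findings: list[tuple[str, str, str]] = []
    for name, ok, advice in REQUIRED:
        if name == "Strict-Transport-Security" and not https:
            continue
        value = lower.get(name.lower())
        if value is None:
            findings.append(("medium", name, f"missing; {advice}"))
        elif not ok(value):
            findings.append(("low", name, f"weak value {value!r}; {advice}"))
    server = lower.get("server")
    if server and re.search(r"\d", server):  # "nginx" is fine, "nginx/1.18.0" is not
        findings.append(("info", "Server", f"discloses version: {server!r}"))
    for name in DISCLOSING:
        value = lower.get(name.lower())
        if value:
            findings.append(("info", name, f"discloses technology: {value!r}"))
    return findings


def fetch_headers(url: str, timeout: float = 10.0) -> dict[str, str]:
    """One normal GET (redirects followed); returns the final response's headers."""
    req = urllib.request.Request(url, headers={"User-Agent": "header-audit-example/0.1"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())


# Constructed sample (not a real capture): headers of a poorly configured site.
SAMPLE_RESPONSE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.4.3",
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOW-FROM https://partner.example",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python audit.py https://target.example
        hdrs, https = fetch_headers(sys.argv[1]), sys.argv[1].lower().startswith("https://")
    else:
        hdrs, https = SAMPLE_RESPONSE_HEADERS, True
    for severity, header, finding in audit_headers(hdrs, https=https):
        print(f"[{severity:6}] {header}: {finding}")
```

Run it with a URL to audit a live site (a single GET, nothing else), or without arguments to see the seven findings the constructed sample produces: three weak values, two missing headers and two disclosures. Note that the script checks only the one response it receives; a real headers scan has to look at every response type (HTML pages, redirects, error pages, static assets), because a header configured on the main page but absent from the 404 handler is a classic gap.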
Finding all critical vulnerabilities
If you want to focus on severe security issues, select the High Impact test profile.