Security Tests
Before starting a scan, you can specify the security issues you want to test for.
On the main page, click Change Scan Config to go to the scan configurations. In the Tests tab, you can select individual security tests.
You can also select predefined sets of tests using the Test Profile option. The following predefined test profiles are available:
- Default
- No Test
- OWASP Top 10
- Passive
- Headers Security
- High Impact
- Custom
Test for all security issues
The Default test profile in the scan configs includes tests for all security issues except Denial of Service (DoS) tests.
Test for OWASP top ten web application security risks
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
Select OWASP Top 10 in the test profile of the scan config to check for all vulnerabilities in the OWASP Top 10. Both the OWASP Top 10 2017 and 2013 lists are included in this profile.
Scan websites passively
A passive scan detects security issues that can be identified through normal browsing of the website. In this type of scan, no malformed request is sent to the server, so the risk of DoS or of causing any damage to the backend is minimal. Passive scans also reduce the chance of being blocked by a WAF.
💡 Also read Why you should use passive vulnerability scan on your website.
Select Passive in the test profile to perform a passive scan.
Test Security of HTTP Headers
A robust set of security HTTP headers makes your web server considerably safer. Configuring a web server to send secure headers requires a lot of testing. SmartScanner has a dedicated test profile in its scan configs to fast-track this process, so you can test and apply the necessary changes for HTTP header security easily.
💡 Also read Complete guide to HTTP Headers for securing websites (Cheat Sheet).
Select Headers Security in the test profile to perform a full HTTP headers security scan.
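To show what a passive HTTP headers security check looks like in practice, here is an added example (my own code, not SmartScanner's): it inspects response headers recorded during normal browsing and reports missing or weak security headers without sending any request. The header names are the standard ones; the acceptance rules and the sample responses are constructed for the example.

```python
# Added example (not SmartScanner code): passive check of HTTP response headers.
# Works on headers already captured from ordinary browsing; it sends no requests.
from typing import Dict, List

def _hsts_ok(v: str) -> bool:
    # Simplified rule (assumption): require max-age of at least one year.
    for part in v.split(";"):
        name, _, val = part.strip().partition("=")
        if name.lower() == "max-age" and val.isdigit():
            return int(val) >= 31536000
    return False

# Standard security headers and a simplified rule each value must satisfy.
CHECKS = {
    "strict-transport-security": _hsts_ok,
    "content-security-policy": lambda v: "default-src" in v and "unsafe-inline" not in v,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: v.strip().lower() not in ("", "unsafe-url"),
}

def check_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for one response; an empty list means every check passed."""
    lowered = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, ok in CHECKS.items():
        if name not in lowered:
            findings.append(f"missing: {name}")
        elif not ok(lowered[name]):
            findings.append(f"weak: {name}={lowered[name]}")
    # Version disclosure in Server is informational but worth reporting.
    if "server" in lowered and any(ch.isdigit() for ch in lowered["server"]):
        findings.append(f"info: server version disclosed ({lowered['server']})")
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLE_WEAK = {
    "Server": "nginx/1.18.0",
    "X-Frame-Options": "ALLOWALL",
    "Strict-Transport-Security": "max-age=300",
}
SAMPLE_HARDENED = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
```

Running `check_headers(SAMPLE_WEAK)` reports the short HSTS max-age, the permissive X-Frame-Options value, the three absent headers and the version disclosure, while `SAMPLE_HARDENED` returns no findings.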
Finding all critical vulnerabilities
If you want to test only for severe security issues, select the High Impact test profile.