
Settings

This page covers advanced configuration options for Application Scanning that control how the scanner interacts with your target application.

Port and URL Configuration

Port Scanning

Port scanning checks for open ports on your target’s IP address. This can reveal services running on non-standard ports that may be part of your application’s attack surface.

As of May 2023, port scanning is disabled by default for new scan profiles. If your application serves content on non-standard ports or you want to discover additional services, you can enable port scanning in your scan profile settings.

When enabled, the scanner checks for common web service ports (such as 8080, 8443, 3000) in addition to the standard ports 80 and 443.

URL Scope

Configure which URLs the scanner should include or exclude. The URL scope settings in your scan profile control:

  • Protocol: By default, the scanner follows redirects between HTTP and HTTPS
  • Paths: Include and exclude specific URL path prefixes
  • Query parameters: The scanner tests discovered query parameters as potential injection points
  • Fragment identifiers: The headless Chrome crawler processes hash-based routes for SPAs

Request Throttling

Request throttling controls the rate at which the scanner sends requests to your application. This setting helps you balance scan speed against application load.

Configuring Throttle Rate

The throttle rate is specified in requests per second (RPS). Consider the following when setting your throttle:

  • Application capacity: Ensure your application can handle the additional load from scanning alongside normal traffic
  • Shared environments: If your staging environment shares resources with production, use a lower RPS
  • Scan duration: A lower RPS means a longer scan; a full scan at a low throttle rate can take significantly longer to complete

Throttling Best Practices

  • Start with a moderate throttle rate and monitor your application’s response times during the scan
  • If you see increased error rates or latency, reduce the RPS
  • For dedicated test environments with no real user traffic, you can increase the RPS to speed up scans
  • The scanner respects 429 Too Many Requests responses and backs off automatically
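The pacing and 429 back-off described above, as an added illustration rather than the scanner's own code: a small throttle that spaces requests at the configured RPS, honours Retry-After when a 429 carries one, otherwise doubles its delay up to a cap, and decays the delay once responses succeed (the doubling, halving and 60-second cap are assumptions, not documented scanner values). The simulation uses a fake clock and constructed responses, so it runs offline.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Throttle:
    """Paces requests at a fixed RPS and backs off when the target answers 429."""
    rps: float                  # configured throttle rate, requests per second
    max_backoff: float = 60.0   # assumed cap on any single back-off delay, seconds
    _next_allowed: float = 0.0  # earliest clock time the next request may go out
    _penalty: float = 0.0       # current back-off delay accumulated from 429s

    def wait_time(self, now: float) -> float:
        """Seconds the caller should sleep before sending the next request."""
        return max(0.0, self._next_allowed - now)

    def record_sent(self, now: float) -> None:
        """Space requests one interval (1 / RPS) apart under normal conditions."""
        self._next_allowed = now + 1.0 / self.rps

    def record_response(self, now: float, status: int,
                        retry_after: Optional[float] = None) -> None:
        """On 429, honour Retry-After if present, else double the delay; on success decay it."""
        if status == 429:
            if retry_after is not None:
                self._penalty = min(retry_after, self.max_backoff)
            else:
                self._penalty = min(max(1.0, self._penalty * 2), self.max_backoff)
            self._next_allowed = max(self._next_allowed, now + self._penalty)
        elif 200 <= status < 400:
            self._penalty /= 2  # recover gradually once the target stops rate limiting


def simulate(responses: List[Tuple[int, Optional[float]]], rps: float) -> List[float]:
    """Drive the throttle against a constructed (status, Retry-After) sequence using a
    fake clock and return the simulated send time of each request. Responses are
    assumed to arrive instantly; no network traffic is generated."""
    throttle = Throttle(rps=rps)
    clock = 0.0
    sent_at: List[float] = []
    for status, retry_after in responses:
        clock += throttle.wait_time(clock)
        sent_at.append(clock)
        throttle.record_sent(clock)
        throttle.record_response(clock, status, retry_after)
    return sent_at


if __name__ == "__main__":
    # Constructed sample: the target starts rate limiting after the second request.
    print(simulate([(200, None), (429, None), (429, None), (200, None), (200, None)], rps=10))
```

Reading the returned send times shows how two consecutive 429s stretch a 0.4 s burst into a scan lasting over 3 s, which is the duration trade-off the throttle settings above describe.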

Scan Data Retention

Default Retention Period

Scan data is retained for 365 days by default. This includes:

  • Detailed scan results with request/response data
  • Crawl maps showing discovered pages and endpoints
  • Finding proof-of-concept data
  • Scan metadata (duration, pages crawled, requests sent)

After the retention period, detailed scan data is removed. Finding summaries and status history are preserved for longer-term tracking.

What is Retained After Expiration

  • Finding titles, severity, and status history
  • Summary statistics for each scan
  • Trend data for reporting purposes

What is Removed After Expiration

  • Raw HTTP request and response data
  • Proof-of-concept payloads and responses
  • Detailed crawl maps
  • Individual page-level scan data

Scanner Behavior

JavaScript Execution

The headless Chrome crawler executes JavaScript by default. This is essential for testing modern web applications. JavaScript execution cannot be disabled, as it is fundamental to the scanner’s ability to discover and test dynamic content.

The scanner maintains cookies across requests within a scan session, including session cookies set during authentication. Cookies set by the application are preserved and sent with subsequent requests, just as a real browser would behave.

Redirect Following

The scanner follows HTTP redirects (301, 302, 307, 308) up to a reasonable limit. Redirect chains are tracked to detect open redirect vulnerabilities.

Form Interaction

The crawler identifies and interacts with forms it discovers, filling in fields with test data to discover additional application states. The scanner avoids submitting forms that appear to perform destructive actions (delete, remove, cancel) unless those paths are explicitly included in the scope.
