When creating a scan, user must specify two required pieces of information, which are the targeted website and the profile to scan. A profile defines internal configurations of the scanner and the vulnerabilities to be scanned. On the same website, depending on its profiles’ properties and amount of vulnerabilities, each website’s security analysis time will vary.
Currently, CyStack Scanning supports these types of profiles:
- Full Audit: Scan and detect general security issues for one web application.
- OWASP TOP 10: Scan and detect dangerous vulnerabilities in the OWASP TOP 10 standards.
- Web Infrastructure: Scan and detect vulnerabilities in the infrastructure of the web application, the possibility of data leakage, information in configuration, version & identity of the web application.
- Fast Scan: Scan and early detect serious and common security vulnerabilities in Web applications.
- Drupal: Scan and detect vulnerabilities on the Drupal platform.
- WordPress: Scan and detect vulnerabilities on the WordPress platform.