The <OptionProfile> element includes sub elements used to define an option profile. A reference of these elements is provided below. An asterisk * indicates a complex element.
Parameter | Mandatory/Optional | Data Type | Description
---|---|---|---
id | Optional | integer | The ID of the option profile.
name | Optional | text | The name given to the option profile.
tags | Optional | | Filter by tags applied.
tags.id | Optional | integer | ID of the tag assigned to the option profile.
tags.name | Optional | text | Tag name assigned to the option profile.
createdDate | Optional | date | The date when the option profile was created in WAS, in UTC date/time format.
updatedDate | Optional | date | The date when the option profile was updated in WAS, in UTC date/time format.
usedByWebApps | Optional | boolean | Web applications used/not used by the option profile.
usedBySchedules | Optional | boolean | Scan schedules used/not used by the option profile.
owner.id | Optional | Long with operator: EQUALS, IN, NOT EQUALS, GREATER or LESSER | ID of the owner who created the option profile.
owner.name | Optional | text | Full name of the user who created the option profile.
owner.username | Optional | text | Username of the owner who created the option profile (like user_ab3).
isDefault | Optional | | Default option profile for the subscription.
formSubmission | Optional | keyword | Type of form: None, Post, Get, POST & GET.
maxCrawlRequests | Optional | | Total number of links and forms to follow and test within the scan scope. If performing a Discovery Scan, this is the maximum number of links that will be crawled, as there will not be any testing performed.
userAgent | Optional | | Stores the browser and OS details.
parameterSet | Optional | | A parameter set tells us the request parameter settings you would like us to inject into your web applications during scanning. We provide a default one and it is easy to configure more. Once defined, just select the parameter set name in your scan's option profile.
ignoreBinaryFiles | Optional | | If you choose this option, files with the extensions zip, pdf, doc are not scanned.
performance | Optional | keyword | Scan Intensity: LOWEST, LOW, MEDIUM, HIGH, MAXIMUM.
customPerformance* | Optional | | Configure the custom intensity level for web application scans. Example: <customPerformance> Note: performance and customPerformance are mutually exclusive parameters and cannot be used together. You can use only one of them for an option profile.
numOfHttpThreads | Optional | integer | Number of threads to be used to scan each host. The valid range is from 1 to 10.
delayBetweenRequests | Optional | integer | The delay introduced by WAS between the scanning engine requests sent to the application server. The valid range is from 0 to 2000 milliseconds.
bruteforceOption | Optional | | The level of brute forcing you prefer, with options ranging from "Minimal" to "Exhaustive".
bruteforceList | Optional | keyword: User List/SYSTEM LIST | System list: we'll attempt to guess the password for each detected login ID. User list: select a bruteforce list defined in your account.
numberOfAttempts | Optional | | The threshold to be reached before stopping the scan. If you deactivate this setting, the scan will keep running no matter how many errors it finds.
detection | Optional | keyword | Select whether scans launched with this profile perform a full assessment for all WAS detections the engine is able to discover, or whether the scan focuses on the detection of specific vulnerabilities and/or information: Core, Categories, Custom Search list, XSS Power Mode, Everything. If <detectionScope> is present then the detection scope = CORE or EVERYTHING <detection>. If <includedSearchLists> or <excludedSearchLists> are present then the detection scope = CUSTOM. If <detectionCategories> is present then the detection scope = CATEGORY. If <xssPowerMode> is true then the detection scope = XSS. Note: The <includedSearchLists>, <excludedSearchLists>, <detectionCategories>, <xssPowerMode>, <detectionScope> elements are mutually exclusive elements.
sensitiveContent | Optional | | Credit Card Numbers, Social Security Numbers (US), Custom Contents.
keywordsUrlSearch | Optional | text | Specify keywords in the form of strings and regular expressions to search for URL links that contain the specified keyword. Currently, we search for keywords only in the internal links that are found in the crawling phase for target web applications in a Discovery/Vulnerability scan. You can enter a maximum of 10 keywords, where each keyword appears on a separate line. A keyword should be 5 to 200 characters long. During a Discovery/Vulnerability scan, we search for these keywords in the internal links and report all the unique links that contain the specified keywords in the Get Finding Details API output under information gathered QID 150141. Note that we show the crawled links under QID 150009.
enhancedCrawling | Optional | boolean | Improve scan coverage for your web application with enhanced crawling enabled. We will re-crawl individual directories present in the links which are found during crawling. For example, suppose the following link is found during crawling: https://www.example.com/foo/abc/xyz/register.php. If enhanced crawling is enabled, it will first make a request to https://www.example.com/foo/abc/xyz, then remove the directory "xyz/" from the URL and crawl https://www.example.com/foo/abc/, and later it will further remove "abc/" and crawl https://www.example.com/foo/. All the links found during this process of removal and re-crawling are added to the crawl queue, thus improving the scan coverage.
comments | Optional | | User-defined comments.
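
The constraints stated in the table (mutually exclusive elements, integer ranges, keyword limits) can be checked before a profile is submitted. The following linter is an added example, not code from the WAS documentation or API; the nesting of elements in the sample XML is an assumption, so elements are matched by name at any depth.

```python
import xml.etree.ElementTree as ET

# Limits taken from the reference table above.
RANGES = {"numOfHttpThreads": (1, 10), "delayBetweenRequests": (0, 2000)}
INTENSITIES = {"LOWEST", "LOW", "MEDIUM", "HIGH", "MAXIMUM"}

def lint_option_profile(xml_text):
    """Return a list of problems found in an <OptionProfile> document."""
    root = ET.fromstring(xml_text)
    has = lambda tag: root.find(f".//{tag}") is not None
    text = lambda tag: (root.findtext(f".//{tag}") or "").strip()
    problems = []
    # performance and customPerformance cannot be used together.
    if has("performance") and has("customPerformance"):
        problems.append("performance and customPerformance are mutually exclusive")
    if has("performance") and text("performance") not in INTENSITIES:
        problems.append(f"performance: unknown intensity {text('performance')!r}")
    # Each element implies one detection scope; more than one is a conflict.
    # Assumption: the two search-list elements count as one group (both mean CUSTOM).
    scopes = set()
    if has("detectionScope"):
        scopes.add("CORE/EVERYTHING")
    if has("includedSearchLists") or has("excludedSearchLists"):
        scopes.add("CUSTOM")
    if has("detectionCategories"):
        scopes.add("CATEGORY")
    if text("xssPowerMode").lower() == "true":
        scopes.add("XSS")
    if len(scopes) > 1:
        problems.append("conflicting detection scopes: " + ", ".join(sorted(scopes)))
    # Integer ranges: threads per host and delay in milliseconds.
    for tag, (lo, hi) in RANGES.items():
        for el in root.iter(tag):
            value = (el.text or "").strip()
            if not (value.isdecimal() and lo <= int(value) <= hi):
                problems.append(f"{tag}: {value!r} is outside {lo}..{hi}")
    # At most 10 keywords, one per line, each 5 to 200 characters long.
    if has("keywordsUrlSearch"):
        keywords = [k.strip() for k in text("keywordsUrlSearch").splitlines() if k.strip()]
        if len(keywords) > 10:
            problems.append(f"keywordsUrlSearch: {len(keywords)} keywords, maximum is 10")
        problems += [f"keywordsUrlSearch: {k!r} is not 5 to 200 characters long"
                     for k in keywords if not 5 <= len(k) <= 200]
    return problems

# Constructed sample; element nesting is an assumption (the linter matches by name).
SAMPLE = """<OptionProfile><performance>HIGH</performance>
<customPerformance><numOfHttpThreads>12</numOfHttpThreads>
<delayBetweenRequests>500</delayBetweenRequests></customPerformance>
<detection><detectionScope>CORE</detectionScope><xssPowerMode>true</xssPowerMode></detection>
<keywordsUrlSearch>api
/internal/api/</keywordsUrlSearch></OptionProfile>"""

if __name__ == "__main__":
    print("\n".join(lint_option_profile(SAMPLE)))
```

Run against the constructed sample, the linter reports four problems: the performance conflict, the conflicting detection scopes, the out-of-range thread count, and the too-short keyword.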