The <WasScan> element includes sub elements used to define a web application scan. A reference of these elements is provided below. An asterisk * indicates a complex element.
Parameter | Mandatory / Optional | Data Type | Description
---|---|---|---
id | Optional | integer | The scan ID. This element is assigned by the service and is required for certain request types (details, status, results or cancel).
name | Optional | text | The user-defined scan name (maximum 256 characters).
target* (for single web application) | Optional | | The target of the scan. The target includes the web application and authentication records, if any. `<scannerAppliance>`: `type` (keyword) is set to INTERNAL for a scanner appliance, EXTERNAL for external scanners, or scannerTags for assigning multiple scanner appliances grouped by asset tag. If the type is INTERNAL, `friendlyName` (text) is the user-defined appliance name. `<webAppAuthRecord>`: specify `<id>` set to an auth record ID, or `<isDefault>` set to true (to use the default auth record for the target web app). `target.webApp` is required. Example: `<target> <webApp> <id>323126</id> </webApp> <webAppAuthRecord> <id>1054</id> </webAppAuthRecord> <scannerAppliance> <type>Internal</type> <friendlyName>dp_scanner</friendlyName> </scannerAppliance> <cancelOption>DEFAULT</cancelOption> </target>`
target* (for multiple web applications) | Optional | | `<cancelOption>` set to DEFAULT: forces the use of the target web app's cancelScans option if set, else falls back to the one passed to the API when launching the scan. `<cancelOption>` set to SPECIFIC: always use the cancel scan option passed when launching the scan. `<target.authRecordOption>` set to SPECIFIC: always use the authRecord passed when launching the scan. `<target.authRecordOption>` set to DEFAULT: forces the use of the authRecord if set, else falls back to the one passed to the API when launching the scan. `<target.profileOption>` set to SPECIFIC: always use the optionProfile passed when launching the scan. `<target.profileOption>` set to DEFAULT: forces the use of the optionProfile if set, else falls back to the one passed to the API when launching the scan. `<target.scannerOption>` set to SPECIFIC: always use the scanner passed when launching the scan. `<target.scannerOption>` set to DEFAULT: forces the use of the scanner if set, else falls back to the one passed to the API when launching the scan. `<target.randomizeScan>` (boolean): set to true to scan the selected web applications in random order, or false to scan them in sequential order. target.tags (for MultiScan): target.tags.included.option (ALL/ANY) is required; target.tags.included.tagList is required, and only `<set>` is allowed for it; target.tags.included.tagList.set.Tag.id is required and must be valid; target.tags.excluded on its own is not allowed, it must be used together with target.tags.included; if target.tags.excluded is present, all of the above rules apply to it as well. target.webApps (for MultiScan): only `<set>` is allowed for target.webApps. Either target.webApps or target.tags is required, and they are mutually exclusive. Example for target.webApps: `<webApps> <set> <WebApp> <id>4330527</id> </WebApp> <WebApp> <id>4330327</id> </WebApp> </set> </webApps>` Example for target.tags: `<tags> <included> <option>ALL</option> <tagList> <set> <Tag><id>12017424</id></Tag> <Tag><id>12017228</id></Tag> </set> </tagList> </included> <excluded> <option>ANY</option> <tagList> <set> <Tag><id>12017228</id></Tag> </set> </tagList> </excluded> </tags>`
type | Optional | keyword | The scan type: VULNERABILITY or DISCOVERY.
sendMail | Optional | boolean | Set to false to disable scan complete email notifications. Example: `<sendMail>false</sendMail>`
sendOneMail | Optional | boolean |
profile.id | Optional | integer | The name of the option profile that includes scan settings. The service provides the profile "Initial WAS Options" and we recommend this to get started. Example: `<profile> <name>Initial WAS Options</name> </profile>`
proxy.id | Optional | integer |
dnsOverride.id | Optional | integer | The DNS override record for scanning the target web application. Example: `<dnsOverride> <id>67890</id> </dnsOverride>`
Scanner Appliance | | integer | The IP address of the external scanner appliance, when an external scanner is used.
mode | | keyword | The mode of the scan: ONDEMAND, SCHEDULED or API.
launchedDate | | date | The date and time when the scan was launched, in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).
launchedBy* | | keyword | The user who launched the scan. User properties include user ID, user login, first and last name. Example: `<launchedBy> <id>123056</id> <username>username</username> <firstName><![CDATA[John]]></firstName> <lastName><![CDATA[Smith]]></lastName> </launchedBy>`
status | | keyword | The status of the scan: SUBMITTED, RUNNING, FINISHED, ERROR, CANCELED, PROCESSING.
endScanDate | | date | The date and time when the scan ended, in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).
summary | | | The scan summary. `<crawlTime>` is the length of time used to crawl the web application. `<testDuration>` is the length of time used to perform analysis. `<nbRequests>` is the number of requests sent during the scan. `<authStatus>` is the authentication status (NONE, NOT_USED, SUCCESSFUL, FAILED or PARTIAL). Example: `<summary> <crawlTime>22.0</crawlTime> <testDuration>112.0</testDuration> <linksCrawled>17</linksCrawled> <nbRequests>3814</nbRequests> <os>Windows XP SP2</os> <resultsStatus>RESULTS_PROCESSED_SUCCESSFULLY</resultsStatus> <authStatus>NO_AUTH</authStatus> </summary>`
vulns | | | The list of detected vulnerabilities. Each `<WasScanVuln>` element identifies a particular vulnerability QID and the URI where it was detected, each `<WasScanVulnInstance>` element identifies a vulnerability instance, and each `<WasScanVulnInstancePayload>` element identifies associated payloads.
igs | | | The detected information gathered. Each `<WasScanIg>` element identifies a particular information gathered QID.
sensitiveContents | | | The detected sensitive content. Each `<WasScanSensitiveContent>` element identifies a particular sensitive content QID and the URI where it was detected, each `<instances>` element identifies a sensitive content instance, and each `<WasScanSensitiveContentInstancePayLoad>` element identifies associated payloads.
stats | | | The statistics gathered by the scan: the total number of vulnerabilities, the number of vulnerabilities by severity level, information gathered by severity level, and the number of vulnerabilities by group, OWASP and WASC.
cancelWithResults | | boolean | A flag indicating whether the scan to be canceled should retain partial scan results. The parameter is supported for a single scan only, that is a child scan, not a parent scan. We recommend using this parameter only after the scan has been in Running status for 20 minutes. Example: `<WasScan> <cancelWithResults>true</cancelWithResults> </WasScan>`
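As an added example, not Qualys code or part of this reference, the following Python builds a multi-scan `<WasScan>` element that enforces the target.webApps / target.tags rules from the table (mutually exclusive target forms, ALL/ANY option, `<set>` of Tag ids, excluded only alongside included) and reads status and authStatus back from a scan record; the scan names, profile ID and the sample record are constructed, and the outer request envelope the API expects is not shown.

```python
"""Added example, not Qualys code: build a <WasScan> multi-scan request that
follows the target rules in the reference table, and read back a scan record."""
import xml.etree.ElementTree as ET

SCAN_TYPES, TAG_OPTIONS = {"VULNERABILITY", "DISCOVERY"}, {"ALL", "ANY"}

def _tag_block(tags, label, option, tag_ids):
    # target.tags.<included|excluded>: <option> ALL/ANY plus a <set> of <Tag><id> entries.
    if option not in TAG_OPTIONS or not tag_ids:
        raise ValueError(f"tags.{label}: option must be ALL/ANY with at least one Tag id")
    blk = ET.SubElement(tags, label)
    ET.SubElement(blk, "option").text = option
    tag_set = ET.SubElement(ET.SubElement(blk, "tagList"), "set")
    for tid in tag_ids:  # int() rejects non-numeric ids; existence can't be checked offline
        ET.SubElement(ET.SubElement(tag_set, "Tag"), "id").text = str(int(tid))

def build_was_scan(name, scan_type, profile_id, web_app_ids=(), included=None, excluded=None):
    """Return <WasScan> as a string; included/excluded are (option, [tag ids]) tuples."""
    if len(name) > 256 or scan_type not in SCAN_TYPES:
        raise ValueError("name must be <= 256 chars, type VULNERABILITY or DISCOVERY")
    if bool(web_app_ids) == bool(included):  # exactly one target form, never both
        raise ValueError("either target.webApps or target.tags is required, not both")
    if excluded and not included:  # excluded tags are only allowed alongside included tags
        raise ValueError("target.tags.excluded requires target.tags.included")
    scan = ET.Element("WasScan")
    ET.SubElement(scan, "name").text = name
    ET.SubElement(scan, "type").text = scan_type
    target = ET.SubElement(scan, "target")
    if web_app_ids:  # target.webApps allows only <set>
        wa_set = ET.SubElement(ET.SubElement(target, "webApps"), "set")
        for wid in web_app_ids:
            ET.SubElement(ET.SubElement(wa_set, "WebApp"), "id").text = str(int(wid))
    else:
        tags = ET.SubElement(target, "tags")
        _tag_block(tags, "included", *included)
        if excluded:
            _tag_block(tags, "excluded", *excluded)
    ET.SubElement(ET.SubElement(scan, "profile"), "id").text = str(int(profile_id))
    return ET.tostring(scan, encoding="unicode")

def scan_outcome(record_xml):
    """Return (status, authStatus, WasScanVuln count). FINISHED with authStatus
    FAILED means the scan ran unauthenticated, so its findings undercount the app."""
    s = ET.fromstring(record_xml)
    return s.findtext("status"), s.findtext("summary/authStatus"), len(s.findall(".//WasScanVuln"))

# Constructed scan record shaped like the summary and vulns elements in the table.
SAMPLE_RECORD = ("<WasScan><status>FINISHED</status><summary><authStatus>FAILED</authStatus></summary>"
                 "<vulns><list><WasScanVuln><uri>/login</uri></WasScanVuln></list></vulns></WasScan>")
```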