Global Settings FAQs

How can I customize the exclusion list for a web application?How can I customize the exclusion list for a web application?

You can customize exclusion lists for your web application and ignore the global settings. While creating or editing a web application, in the exclusion lists, clear the check box using Global Settings assigned. Click Add Exclusions to add web application-specific exclusion lists. Learn more

What parameters can I add to the global exclusion lists?What parameters can I add to the global exclusion lists?

You can exclude specific parameters from testing to improve a scan’s efficiency and effectiveness. Exclusions can be defined for URL parameters, request body parameters or cookies. Check out these examples.

Is it possible to define an exclusion list at the application level and global level at the same time?Is it possible to define an exclusion list at the application level and global level at the same time?

Yes, It's possible to define an exclusion list at both levels. The global settings and web app settings are combined and applied during scanning. What are the steps? 1) Define global settings and web app settings, 2) In web app settings also select "Use Global Settings", and 3) start scans.

Which parameters can I add to the global exclusion lists?Which parameters can I add to the global exclusion lists?

You can add a type of parameter from the dropdown that is- ANY, COOKIE, POST, or URL. And then specify the name of the parameter.

What happens when you enable a global exclusion list for a web application and define an exclusion list for the same? What happens when you enable a global exclusion list for a web application and define an exclusion list for the same?

If you define the exclusion list for a web application and also enable the global settings for the exclusion list, the globally defined settings are implemented for the web application.