Web application details

Name

Enter a name for the web application. You can enter a maximum of 256 characters.

Owner

Initially, the user who adds the web application is the owner by default. You can edit the web application after it is saved and select another user in your subscription as the owner.

Target Definition

Web Application URL

Enter the URL of the target web application. For REST API scanning, enter the URL of the Swagger file (Swagger version 2 in JSON format is currently supported).

Tip - For a secure URL, click http:// to switch to https://. You can enter a maximum of 2048 characters.

Crawl Scope

You've selected Limit to URL hostname. This means we'll limit crawling to the hostname in the URL, over HTTP or HTTPS on any port.

Let's say your starting URL is http://www.test.com.

What links WILL be crawled - All links discovered on the www.test.com host will be crawled, that is, http://www.test.com/* (* as a wildcard here). For example, http://www.test.com/support and https://www.test.com:8080/logout will be crawled.

What links WILL NOT be crawled - Links to any other host, including other hosts in the test.com domain, will not be followed. This means http://www2.test.com and http://sub1.test.com/ will not be crawled.

Crawl Scope

You've selected Limit to content located at or below URL subdirectory. This means we'll crawl only links at or below the subdirectory in the URL, over HTTP or HTTPS on any port.

Let's say your starting URL is http://www.test.com/news.

What links WILL be crawled - All links at or below http://www.test.com/news will be crawled, for example http://www.test.com/news/headlines and https://www.test.com:8080/news/.

What links WILL NOT be crawled - Links like http://www.test.com/agenda and http://www2.test.com will not be crawled.

Crawl Scope

You've selected Limit to URL hostname and specified sub-domain. This means we'll crawl only the URL hostname and one specified sub-domain (including hosts below that sub-domain), over HTTP or HTTPS on any port.

Let's say your starting URL is http://www.test.com/news/ and the sub-domain is sub1.test.com.

What links WILL be crawled - All links discovered in www.test.com and in sub1.test.com or any of its sub-domains will be crawled. For example, these will be crawled: http://www.test.com/support, https://www.test.com:8080/logout, http://sub1.test.com/images/ and http://videos.sub1.test.com.

What links WILL NOT be crawled - Links whose host is neither the web application URL hostname nor sub1.test.com or one of its sub-domains will not be followed. This means http://videos.test.com will not be crawled.

Crawl Scope

You've selected Limit to URL hostname and specified domains. This means we'll crawl only the URL hostname and the specified domains, over HTTP or HTTPS on any port.

Let's say your starting URL is http://www.test.com/news/ and the specified domains are sub1.test.com and site.test.com.

What links WILL be crawled - All links discovered in www.test.com, in sub1.test.com and in the other specified domains will be crawled. For example, these will be crawled: http://www.test.com/support, https://www.test.com:8080/logout and http://sub1.test.com/images/.

What links WILL NOT be crawled - Links whose host is neither the web application URL hostname nor one of the specified domains will not be followed. Sub-domains of the specified domains are not included, so http://videos.test.com and http://videos.sub1.test.com will not be crawled.

Explicit URLs to Crawl

Specify URLs you want the scan to crawl. This is useful for pages that are not linked from other pages within the application, for example a registration page that the user reaches only through a link e-mailed to them. You can also include WSDL URLs for web services you want our service to crawl.

Enter each URL on a separate line. Each entry must be a valid HTTP or HTTPS URL of at most 2048 characters. For an authenticated scan, always put the login link first. The URLs you enter must be consistent with the selected scope:

Limit to hostname. If this scope is selected, additional URLs must have the same FQDN or IP address as the starting URL.

Limit to sub-directories of the web application URL. If this scope is selected, additional URLs must be in the same path as the web application URL.

Follow links in a specific sub-domain. If this scope is selected, additional URLs must have the domain name specified in the Domain Name field.

Follow links to specific hosts. If this scope is selected, additional URLs must have domain names specified in the Domains field.
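The four Crawl Scope rules above and the consistency rule for Explicit URLs to Crawl are the same decision: given the starting URL, the scope setting and any specified domains, is a URL in scope? The following Python example is added here to make that decision explicit; it is not the scanner's own code and the scanner's exact matching may differ in details. It replays the page's own examples, ignores scheme and port as the text says, and makes one assumption that the page leaves open: in subdirectory mode the subdirectory is treated as a path-segment prefix, so /news covers /news and /news/... but not /newsletter.

```python
from urllib.parse import urlsplit

# Scope modes, named after the four Crawl Scope settings described above.
HOSTNAME = "hostname"
SUBDIRECTORY = "subdirectory"
HOSTNAME_AND_SUBDOMAIN = "hostname_and_subdomain"
HOSTNAME_AND_DOMAINS = "hostname_and_domains"

MAX_URL_LEN = 2048  # limit stated for the starting URL and each explicit URL


def _is_or_under(host: str, domain: str) -> bool:
    """True for the domain itself and for any sub-domain of it."""
    return host == domain or host.endswith("." + domain)


def in_scope(start_url: str, mode: str, link: str, domains=()) -> bool:
    """Decide whether `link` would be followed under the chosen crawl scope.

    Scheme (http/https) and port never matter: only the hostname, and in
    subdirectory mode the path, decide. Sub-domains of the starting hostname
    are never implied; the hostname must match exactly.
    """
    start = urlsplit(start_url)
    link_parts = urlsplit(link)
    if link_parts.scheme.lower() not in ("http", "https") or not link_parts.hostname:
        return False
    start_host = (start.hostname or "").lower()
    host = link_parts.hostname.lower()

    if host == start_host:
        if mode != SUBDIRECTORY:
            return True
        # Assumption (not stated on the page): the subdirectory is a prefix on
        # a path-segment boundary, so /news covers /news/... but not /newsletter.
        base = start.path.rstrip("/")
        return link_parts.path == base or link_parts.path.startswith(base + "/")

    if mode == HOSTNAME_AND_SUBDOMAIN:
        # One specified sub-domain, including every host below it.
        return bool(domains) and _is_or_under(host, domains[0].lower())
    if mode == HOSTNAME_AND_DOMAINS:
        # Only the hosts listed; their sub-domains are not included.
        return host in {d.lower() for d in domains}
    return False


def check_explicit_urls(start_url: str, mode: str, urls, domains=()):
    """Return (url, reason) for each explicit URL the rules above would reject."""
    problems = []
    for url in urls:
        parts = urlsplit(url)
        if len(url) > MAX_URL_LEN:
            problems.append((url, "longer than %d characters" % MAX_URL_LEN))
        elif parts.scheme.lower() not in ("http", "https") or not parts.hostname:
            problems.append((url, "not an HTTP or HTTPS URL"))
        elif not in_scope(start_url, mode, url, domains):
            problems.append((url, "outside the selected crawl scope"))
    return problems


if __name__ == "__main__":
    # The page's examples, replayed against the checker.
    print(in_scope("http://www.test.com", HOSTNAME, "https://www.test.com:8080/logout"))
    print(in_scope("http://www.test.com", HOSTNAME, "http://sub1.test.com/"))
    print(in_scope("http://www.test.com/news", SUBDIRECTORY, "http://www.test.com/agenda"))
    print(in_scope("http://www.test.com/news/", HOSTNAME_AND_SUBDOMAIN,
                   "http://videos.sub1.test.com", ("sub1.test.com",)))
    print(in_scope("http://www.test.com/news/", HOSTNAME_AND_DOMAINS,
                   "http://videos.sub1.test.com", ("sub1.test.com", "site.test.com")))
    print(check_explicit_urls("http://www.test.com/news", SUBDIRECTORY,
                              ["http://www.test.com/news/register",
                               "http://www.test.com/agenda"]))
```

Running check_explicit_urls over your Explicit URLs list before saving the web application catches the two cases that silently reduce coverage: a URL the scanner will refuse because it is outside the scope, and a host you expected to be crawled as a sub-domain under a scope that only matches exact hostnames.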

API Endpoint Definition

You can define the target to be scanned as REST APIs (Swagger-based or not) or as a Burp log file.

Postman Collection

You can upload the exported Postman Collection in JSON format and scan its REST APIs for vulnerabilities. Uploading the Postman Collection file is mandatory; uploading the Postman Environment Variables and Postman Global Variables files is optional.

Swagger/OpenAPI File

Upload the Swagger/OpenAPI file in JSON or YAML format to scan the REST APIs for vulnerabilities. You can upload one Swagger/OpenAPI file at a time. If you upload a second file, the new file will replace the old file.
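For an API definition it is the hosts and paths inside the document, not the Web Application URL, that the scan will send requests to, so it is worth listing them before uploading. The following Python example is added here for that purpose; it is not the scanner's code and makes no claim about how the scanner itself reads the file. It handles JSON Swagger 2 and OpenAPI 3 documents with the standard library only (a YAML file would first need a YAML parser), derives base URLs the way each format defines them (Swagger 2: schemes + host + basePath, falling back to the URL the file was fetched from; OpenAPI 3: servers[].url, resolved against the document location when relative), and the two sample documents are constructed for the example.

```python
import json
from urllib.parse import urljoin, urlsplit

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch")

# Constructed sample documents for this example, one per format.
SWAGGER2 = json.dumps({
    "swagger": "2.0",
    "host": "api.test.com:8443", "basePath": "/v1", "schemes": ["https"],
    "paths": {"/users": {"get": {}, "post": {}},
              "/users/{id}": {"get": {}, "delete": {}}},
})
OPENAPI3 = json.dumps({
    "openapi": "3.0.1",
    "servers": [{"url": "https://api.test.com/v2"},
                {"url": "http://staging.test.com/v2"}],
    "paths": {"/orders": {"get": {}, "parameters": []},
              "/orders/{id}": {"put": {}}},
})


def spec_version(text: str) -> str:
    """'2.0' for Swagger 2, the 'openapi' field (e.g. '3.0.1') for OpenAPI 3."""
    doc = json.loads(text)
    if "swagger" in doc:
        return str(doc["swagger"])
    if "openapi" in doc:
        return str(doc["openapi"])
    raise ValueError("not a Swagger 2 or OpenAPI 3 document")


def base_urls(doc: dict, spec_url: str = "") -> list:
    """Base URLs that the document's paths are appended to."""
    if "swagger" in doc:
        # Swagger 2: schemes + host + basePath. Host and schemes default to
        # those of the URL the document was served from.
        fetched = urlsplit(spec_url) if spec_url else None
        host = doc.get("host") or (fetched.netloc if fetched else "")
        schemes = doc.get("schemes") or ([fetched.scheme] if fetched else ["https"])
        return ["%s://%s%s" % (s, host, doc.get("basePath", "")) for s in schemes]
    # OpenAPI 3: servers[].url, possibly relative to the document location;
    # the spec's default when servers is absent is a single "/" entry.
    servers = doc.get("servers") or [{"url": "/"}]
    return [urljoin(spec_url, s["url"]) for s in servers]


def endpoints(text: str, spec_url: str = "") -> list:
    """(METHOD, absolute URL) for every operation, across every base URL."""
    doc = json.loads(text)
    result = []
    for base in base_urls(doc, spec_url):
        for path, item in doc.get("paths", {}).items():
            for method in HTTP_METHODS:  # skips non-operation keys like "parameters"
                if method in item:
                    result.append((method.upper(), base.rstrip("/") + path))
    return result


def hosts(text: str, spec_url: str = "") -> list:
    """Distinct hostnames the API scan would send requests to."""
    return sorted({urlsplit(url).hostname for _, url in endpoints(text, spec_url)})


if __name__ == "__main__":
    for name, text in (("Swagger 2", SWAGGER2), ("OpenAPI 3", OPENAPI3)):
        print(name, spec_version(text), hosts(text))
        for method, url in endpoints(text):
            print("  ", method, url)
```

Two things to look at in the output: the version, since the Web Application URL field above accepts only Swagger 2 in JSON, and the host list, since a definition that carries a staging or internal server entry will direct part of the scan at that host rather than at the web application you intended.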

Burp Log File

Upload the Burp log file to tell us which links need to be crawled and tested. You can upload only one Burp file at a time. If you upload a second file, the new file will replace the old file.

Information

Adding custom attributes

An attribute (name/value) can be defined for your internal host ID or any other categorization method you want. Once defined it's easy to filter your web apps list by custom attribute - go to Filter Results (left panel) and enter the attribute. We show the custom attribute information (name/value) that you add here in the Web application and Scan reports.

Adding custom attributes

An attribute (name/value) can be defined for your internal host ID or any other categorization method you want. If you select the "Overwrite..." check box we'll delete all previously set attributes on these web apps, and replace them with the new ones. Once defined, it's easy to filter your web apps list by custom attribute - go to Filter Results (left panel) and enter the attribute.

Business Function

Enter the function of the web application. You can enter a maximum of 64 characters.

Business Location

Enter the location of the web application. You can enter a maximum of 64 characters.

Business Description

Enter a description of the web application's business purpose. You can enter a maximum of 2048 characters.

Tags

Apply tags to the web application. Users with one or more of the applied tags in their scopes will have access to the web application. Select tags from the drop-down list. We show the applied tags information in the Web application and Scan reports.