When you click on 'Start a Scan' button on Scan page, you'll be given a choice to run three types of scans. We've described below what each of these types of scans mean:
Automated Scan: Our ever evolving vulnerability scanner scans your application for vulnerabilities in this scan. You can choose to configure it to scan behind login too. Any possible vulnerability is reported by the scanner and the complete scan can take anywhere between 12-48 hours depending on the scope of the application you want to scan. The reported vulnerabilities could have false positives too. These types of scans are included in all our plans.
Automated Scan (Vetted): Vetted automated scan include everything within the Automated Scan + our security engineers carefully reviewing the results of the scan to ensure if there are any false positives, they're removed. The final report you see has no false positives as its review by the security engineers. Expert and Pentest plan include these types of scans.
You'll see status of the reported vulnerabilities as 'Under Review' in the case of Automated Vetted Scans.
Manual Pentest: Manual pentest comprise of automated vulnerability scan + vetted results + a complete penetration test by our security experts. In a pentest, our security experts uncover vulnerabilities which are logical flaws and often beyond the detection capabilities of automated scanners. The entire exercise takes a week or two depending on the scope. In the case of manual pentest, after automated scan completes a ticket is auto-generated where our security engineers get in touch with you requesting details for manual pentest if required. Our 'Pentest' plan covers these types of tests.
Updated on: 09 / 11 / 2022