Astra Security
Go to website
Back
Articles on:Getting Started (Pentest)
How to run a vulnerability scan on your application

Categories

  • Pentest
  • Target
  • Compliance
  • Checkout
  • Vulnerabilities
  • Dashboard
  • Certificate
  • Workspace Settings
  • Reports
  • Automations
  • Account Settings
  • Continuous Scan
  • General Questions (Pentest)
  • Getting Started (Pentest)
  • Integrations (Pentest)
  • Configuring Security (WebPro)
  • Troubleshooting (WebPro)
  • Account & Billing
  • Legal & Security
  • Scanner Rules Knowledge Bundle
  • API Endpoints
  • Why am I not receiving the OTP for Astra Login?
    Troubleshooting: Not Receiving Two-Factor Authentication Codes in Email If you are an Astra customer and are not receiving the two-factor authentication (2FA) OTP code in your email, follow these steps to resolve the issue. Check Your Inbox Search your email inbox for messages from no-reply@getastra.email. Sometimes, these emails can end up in the inbox but might be missed. Check Spam Folder Emails containing authentication codes may sometimes be marked as spam by youPopular
  • What are the steps involved in adding a team member on DigitalOcean?
    Login to the control panel. Click Settings to go to the team settings tab. The Members section lists the team’s current membership. Click the Invite Members button. Enter the email address of the account that you want to invite. Click Invite team members. By default, the invitee is assigned a Member role. If you used an existing account, enter it'Popular
  • What are the steps involved in creating a security auditor role in AWS?
    How to create a security auditor role in AWS? Sign in to the AWS Management Console and open the IAM console via this link. In the navigation pane, click on Users. In the Users list, click on the Add Users button. Enter the desired name in the User name field under User deSome readers
  • Should I run a vulnerability scan on Production or Staging environment?
    Before you start a vulnerability scan or pentest, it is important to choose the environment you want to target. Choosing between a production or non-production environment is a balance to find between getting the most out of the pentest and reducing the risks. Below is a summary of the pros and cons for each alternative: Production Environment Pros You get a security assessment of the real target, which is available to users and to potential attackers Allows testing ofSome readers
  • How to export your APIs' definition files?
    To export your Postman Collection as a collection file, follow these steps: Click the options menu next to your API collection in Postman. Choose Export. Click Export in the dialog box that opens. Change the save file location and click Save. (https://storage.crisp.chat/users/helpdesk/Some readers
  • What are the steps involved in adding a Reader Role in AZURE?
    Getting Started with Azure: Assigning Reader Role & Preparing for Security Review Create an Azure AD Service Principal To streamline the review process, it would be helpful to create a Service Principal and provide the following: You can create a Service Principal using the Azure CLI: for more info please follow the official documentation of azure: here (https://learn.microsSome readers
  • What are the steps involved in signing a Android application?
    Signing an APK file A signed APK is required to test the installation process of your application. An unsigned APK throws errors in the installation process To sign your APK file, follow these steps: Open you project in Android Studio, and click on Generate Signed APK in the Build menu Click Next in the dialog box (https://storage.crisp.chat/users/helpdesk/website/2e017dSome readers
  • What are the steps involved in adding a Viewer Role in GCP?
    Access the Google Cloud Console via this link. Select the project you want to work with from the project dropdown located in the top bar. Navigate to the IAM & Admin page by clicking on IAM from the left navigation bar. At the tSome readers
  • How to scan applications with restricted access
    When running a vulnerability scan on a target with restricted access - you might have to update your security rules to allow our scanners access. Such restrictions are commonly seen on staging, or testing environments. My target is secured with HTTP Basic Authentication. If your target is secured with HTTP BasicSome readers
  • What are the steps involved in signing a iOS application?
    Signing an IPA file A signed IPA is required to test the installation process of your application. An unsigned IPA throws errors in the installation process To sign your IPA file, follow these steps: Open you project in XCode, and select Archive in the Product menu Click on Export buttonSome readers
  • How to fix Scan Behind Login errors?
    If you have configured the Scan Behind Login feature but the login recording is giving errors, it could be because of the following reasons listed below: Website is not reachable Solution 1: The website is behind a firewall If you are hosting the web asset behind a firewall for security reasons, you have the option to whitelist the scanner IPs to facilitate scans within a restricted environment. That wFew readers
  • How to mark a vulnerability as a false positive & exclude it from future scans
    If you find that a vulnerability reported by the automated scanner is a false positive, you can report it to us and also exclude it from being flagged in subsequent scans. How to report a false positive Open the vulnerability that you believe is a false positive from the Vulnerabilities tab From the vulnerability window, scrolFew readers
  • How to record a login sequence with Chrome DevTools recorder?
    Puppeteer, in combination with the Chrome DevTools Recorder, offers a seamless way to capture the login sequence of any web application. Follow these steps to record the login sequence for uploading to our dashboard. Step 1: Open Chrome in Incognito Mode Open Google Chrome To open a new incognito window, either:    * Use the keyboard shortcut Ctrl + Shift + N (Windows/Linux) or Cmd + Shift + N (Mac)    * Click on the three dots in the top-right corner, then select New incognitoFew readers
  • How to use the Exclude URLs feature
    What is the Exclude URLs feature? The exclude URLs feature allows users to specify certain URLs that should be excluded from the vulnerability scanning process. This is useful for situations when some critical endpoints exist on a website which should not be tested by automated scanners or when a known vulnerability exists on a specific page, but the user does not want to address it at this time. How to use the Exclude URLs feature? Begin by launching your vulnerability scanner anFew readers
  • How can I track the progress of a pentest?
    You can track the progress and estimated time of completion for pentests & vetted automated scans from the Astra dashboard. After you request a pentest or vetted scan, our security analysts will analyze your application and provide an estimate completion date. This will help you have a clear understanding of when to expect results. Scan Deadlines Visibility and Notifications Once the deadline is seFew readers
  • How do I get started with Astra's Pentest dashboard for Mobile Applications?
    Getting started with Astra for mobile apps You can easily set up the Astra Dashboard in a few simple steps using the Scanner Setup workflow. Just provide the necessary details about your target, allowing the scanner to log in, optimize for your technology, and achieve the highest scan coverage possible. Initiate the workflow by clicking on the Get started option. (https://storage.crisp.chat/users/helpdesk/website/2e017d0dc14f2800/screenshot-2023-07-27-0924Few readers
  • Can I configure a target using a custom HTTP Host Header?
    Astra currently does not support customizing the host header of the target. The host header is determined based on the target URI being scanned. Solution If you want to set up a target using a load balancer host with a custom host header, you can: Assign a domain or sub-domain to the load balancer in your infrastructure If you are yet to verify the target URI, you can directly update the new target URI in the Astra Dashboard If the target URI has been verified already, please creaFew readers
  • Is Astra available for on-premises deployment?
    As of now, Astra is not available for on-Prem deployment.Few readers
  • How do I get started with Astra's Pentest dashboard for API?
    Getting started with Astra for API's You can easily set up the Astra Dashboard in a few simple steps using the Scanner Setup workflow. Just provide the necessary details about your target, allowing the scanner to log in, optimize for your technology, and achieve the highest scan coverage possible. Initiate the workflow by clicking on the Get started option. (https://storage.crisp.chat/users/helpdesk/website/2e017d0dc14f2800/screenshot-2023-07-29-1216481gbFew readers
  • Creating a service account in Google Cloud Platform (GCP)
    Creating a service account in Google Cloud Platform (GCP) involves a few steps. Here's a clear guide: Step 1: Sign in to Google Cloud Console Go to GCP Console Select your project or create a new one. Step 2: Navigate to the IAM & Admin Section In the left-hand menu, go to "IAM & Admin" → "Service Accounts". Step 3: Create the Service Account Click the "Create Service Account" button. Fill in the followFew readers

Not finding what you are looking for?

Chat with us or send us an email.

  • Chat with us
  • Send us an email
© 2025Astra Security