How to configure the Astra Vulnerability Scanner?
You can configure the Astra Vulnerability Scanner in a few steps using the Scanner Setup workflow. Enter details about your target so that the scanner can log in, optimize for your technology and achieve maximum scan coverage. Open the workflow by clicking Set up Scanner on the All Targets page, or from the Settings page for the target.

Should I run a vulnerability scan on Production or Staging environment?
Before you start a vulnerability scan or pentest, it is important to choose the environment you want to target. Choosing between a production and a non-production environment means balancing getting the most out of the pentest against reducing the risks. Below is a summary of the pros and cons for each alternative.
Production Environment
Pros
You get a security assessment of the real target, which is available to users and to potential attackers
Allows testing of

How to verify ownership of an application?
To run a vulnerability scan on your application, you will have to verify that you own the application or domain being scanned. This is required to prevent unauthorized users from running a scan on your applications and uncovering their vulnerabilities. On the My Projects page, click on "Get Started" next to your project name and navigate to the verification step. There are 3 different methods to verify your ownership:
DNS Verification
File Upload

How to record a login sequence with Astra Login Recorder Chrome extension
If you have authentication set up on your target, you can configure Astra to scan behind login like an authenticated user. You can record a login sequence using Astra's Google Chrome extension, which will be replayed during your scan.
Step 1 - Download the Chrome Extension (https://stor

How to scan applications with restricted access
When running a vulnerability scan on a target with restricted access, you might have to update your security rules to allow our scanners access. Such restrictions are commonly seen on staging or testing environments.
My target is secured with HTTP Basic Authentication
If your target is secured with HTTP Basic

How to schedule scans?
To go to the Schedule Scans window, click on "Settings" on the secondary navigation bar to open the Settings page. Scroll down to the Schedule Scans tile and click on "Schedule Scan".
Creating a schedule
Give a name to the schedule
Select the correct timezone
Choose the scan mode you want t

How to fix Scan Behind Login errors?
If you have configured the Scan Behind Login feature but the login recording is giving errors, it could be for one of the reasons listed below:
Login page is protected by a CAPTCHA
CAPTCHA solutions are designed to stop automated systems and only allow human beings through. They often block automated vulnerability scanners as well.
Solution 1: Disable the CAPTCHA verification
If

How to mark a vulnerability as a false positive & exclude it from future scans
If you find that a vulnerability reported by the automated scanner is a false positive, you can report it to us and also exclude it from being flagged in subsequent scans.
How to report a false positive
Open the vulnerability that you believe is a false positive, scroll down and click on the Mark false positive button
Now

How to use the Exclude URLs feature
What is the Exclude URLs feature?
The Exclude URLs feature allows users to specify certain URLs that should be excluded from the vulnerability scanning process. This is useful when a website has critical endpoints that should not be tested by automated scanners, or when a known vulnerability exists on a specific page but the user does not want to address it at this time.
How to use the Exclude URLs feature?
Begin by launching your vulnerability scanner and