Astra Security
Articles on: Getting Started (Pentest)
How to run a vulnerability scan on your application

  • How to configure the Astra Vulnerability Scanner?
    You can configure the Astra Vulnerability Scanner in a few steps using the Scanner Setup workflow. Enter details about your target so that the scanner can log in, optimize for your technology, and achieve maximum scan coverage. Open the workflow by clicking Set up Scanner on the All Targets page, or from the Settings page for the target.
  • Should I run a vulnerability scan on Production or Staging environment?
    Before you start a vulnerability scan or pentest, it is important to choose the environment you want to target. Choosing between a production and a non-production environment means balancing getting the most out of the pentest against reducing the risks. Below is a summary of the pros and cons for each alternative. Production Environment Pros: You get a security assessment of the real target, which is available to users and to potential attackers. Allows testing of
  • How to verify ownership of an application?
    To run a vulnerability scan on your application, you will have to verify that you own the application or domain being scanned. This is required to prevent any unauthorized user from running a scan on your applications and uncovering the vulnerabilities. On the My Projects page, click on "Get Started" next to your project name and navigate to the verification step. There are 3 different methods to verify your ownership: DNS Verification, File Upload
  • How to record a login sequence with Astra Login Recorder Chrome extension
    If you have authentication set up on your target, you can configure Astra to scan behind login like an authenticated user. You can record a login sequence using Astra's Google Chrome Extension, which will be replayed during your scan. Step 1 - Download the Chrome Extension (https://stor
  • How to scan applications with restricted access
    When running a vulnerability scan on a target with restricted access, you might have to update your security rules to allow our scanners access. Such restrictions are commonly seen on staging or testing environments. My target is secured with HTTP Basic Authentication: If your target is secured with HTTP Basic
  • How to schedule scans?
    To go to the Schedule Scans window, click on "Settings" on the secondary navigation bar to open the Settings page. Scroll down to the Schedule Scans tile and click on "Schedule Scan". Creating a schedule: Give a name to the schedule. Select the correct timezone. Choose the scan mode you want t
  • How to fix Scan Behind Login errors?
    If you have configured the Scan Behind Login feature but the login recording is giving errors, it could be for one of the reasons listed below. Login page is protected by a Captcha: CAPTCHA solutions are designed to stop automated systems and only allow human beings. It is often seen that these block automated vulnerability scanners. Solution 1: Disable the captcha verification. If
  • How to mark a vulnerability as a false positive & exclude it from future scans
    If you find that a vulnerability reported by the automated scanner is a false positive, you can report it to us and also exclude it from being flagged in subsequent scans. How to report a false positive: Open the vulnerability that you believe is a false positive, scroll down and click on the Mark false positive button. Now
  • How to use the Exclude URLs feature
    What is the Exclude URLs feature? The Exclude URLs feature allows users to specify certain URLs that should be excluded from the vulnerability scanning process. This is useful when critical endpoints exist on a website that should not be tested by automated scanners, or when a known vulnerability exists on a specific page but the user does not want to address it at this time. How to use the Exclude URLs feature? Begin by launching your vulnerability scanner and

© 2023 Astra Security