Astra Security
Go to website
Back
Articles on:Getting Started (Pentest)
How to run a vulnerability scan on your application

Categories

  • Test
  • General Questions (Pentest)
  • Getting Started (Pentest)
  • Integrations (Pentest)
  • General Questions (WebPro)
  • Getting Started (WebPro)
  • Configuring Security (WebPro)
  • Malware Scanner (WebPro)
  • Booster Rules (WebPro)
  • Troubleshooting (WebPro)
  • Account & Billing
  • Legal & Security
  • OWASP ZAP Knowledge Bundle
  • Scanner Rules Knowledge Bundle
  • How to configure the Astra Vulnerability Scanner?
    You can configure the Astra Vulnerability Scanner in a few steps using the Scanner Setup workflow. Enter details about your target so that the scanner can login, optimize for your technology and have maximum scan coverage. Open the workflow by clicking on the Set up Scanner on the All Targets page, or from the Settings page for the target.Some readers
  • How to record a login sequence with Astra Login Recorder Chrome extension
    If you have authentication set up on your target, you can configure Astra to scan behind login like an authenticated user. You can Recording a Login Sequence using Astra's Google Chrome Extension, which will be replayed during your scan. Step 1 - Download the Chrome Extension (https://storFew readers
  • Should I run a vulnerability scan on Production or Staging environment?
    Before you start a vulnerability scan or pentest, it is important to choose the environment you want to target. Choosing between a production or non-production environment is a balance to find between getting the most out of the pentest and reducing the risks. Below is a summary of the pros and cons for each alternative. Production Environment Pros You get a security assessment of the real target, which is available to users and to potential attackers Allows testing ofFew readers
  • How to verify ownership of an application?
    To run a vulnerability scan on your application, you will have to verify that you own the application or domain being scanned. This is required to prevent any unauthorized user to run a scan on your applications & uncover the vulnerabilities.  On the My Projects page, click on "Get Started" next to your project name and navigate to the verification step. There are 3 different methods to verify your ownership: DNS Verification File UploadFew readers
  • How to scan applications with restricted access
    When running a vulnerability scan on a target with restricted access - you might have to update your security rules to allow our scanners access. Such restrictions are commonly seen on staging, or testing environments. My target is secured with HTTP Basic Authentication If your target is secured with HTTP BasicFew readers
  • How to schedule scans?
    Video Steps Textual Steps To go to the Schedule Scans window, Click on "Settings" on the secondary navigation bar to open the Settings page. Scroll down to the Schedule Scans tile and click on "Schedule Scan". Creating a schedulFew readers
  • How to fix Scan Behind Login errors?
    If you have configured the Scan Behind Login feature but the login recording is giving errors, it could be because of the following reasons listed below: Website is not reachable Solution 1: The website is behind a firewall If you are hosting the web asset behind a firewall for security reasons, we recommend configuring your proxy to allow all requests coming with a speciFew readers
  • How to mark a vulnerability as a false positive & exclude it from future scans
    If you find that a vulnerability reported by the automated scanner is a false positive, you can report it to us and also exclude it from being flagged in subsequent scans. How to report a false positive Open the vulnerability that you believe is a false positive, scroll down and click on the Mark false positive button NowFew readers
  • How to use the Exclude URLs feature
    What is the Exclude URLs feature? The exclude URLs feature allows users to specify certain URLs that should be excluded from the vulnerability scanning process. This is useful for situations when some critical endpoints exist on a website which should not be tested by automated scanners or when a known vulnerability exists on a specific page, but the user does not want to address it at this time. How to use the Exclude URLs feature? Begin by launching your vulnerability scanner andFew readers
  • What are the steps involved in creating a security auditor role in AWS?
    How to create a security auditor role in AWS? Sign in to the AWS Management Console and open the IAM console via this link. In the navigation pane, click on Users. In the Users list, click on the Add Users button. Enter the desired name in the User name field under User deFew readers
  • What are the steps involved in signing a Android application?
    Signing an APK file A signed APK is required to test the installation process of your application. An unsigned APK throws errors in the installation process To sign your APK file, follow these steps: Open you project in Android Studio, and click on Generate Signed APK in the Build menu Click Next in the dialog box (https://storage.crisp.chat/users/helpdesk/website/2e017dFew readers
  • How to export your APIs' definition files?
    To export your Postman Collection as a collection file, follow these steps: Click the options menu next to your API collection in Postman. Choose Export. Click Export in the dialog box that opens. Change the save file location and click Save. (https://storage.crisp.chat/users/helpdesk/Few readers
  • Can I configure a target using a custom HTTP Host Header?
    Astra currently does not support customizing the host header of the target. The host header is determined based on the target URI being scanned. Solution If you want to set up a target using a load balancer host with a custom host header, you can: Assign a domain or sub-domain to the load balancer in your infrastructure If you are yet to verify the target URI, you can directly update the new target URI in the Astra Dashboard If the target URI has been verified already, please creaFew readers
  • How can I track the progress of a pentest?
    You can track the progress and estimated time of completion for pentests & vetted automated scans from the Astra dashboard. After you request a pentest or vetted scan, our security analysts will analyze your application and provide an estimate completion date. This will help you have a clear understanding of when to expect results. Scan Deadlines Visibility and Notifications Once the deadline is seFew readers
  • What are the steps involved in creating a security auditor role in AZURE?
    Go to the Azure portal by visiting this link and sign in. Use the search bar at the top to search for Subscriptions. Select the subscription to which you want to grant access to the user. On the left-hand menu, click on Access control (IAM). Click on the + Add button at the top and choose Add role assignment. In the Role dropdownFew readers
  • What are the steps involved in creating a security auditor role in GCP?
    Access the Google Cloud Console via this link. Select the project you want to work with from the project dropdown located in the top bar. Navigate to the IAM & Admin page by clicking on IAM from the left navigation bar. At the tFew readers
  • What are the steps involved in adding a team member on DigitalOcean?
    Login to the control panel. Click Settings to go to the team settings tab. The Members section lists the team’s current membership. Click the Invite Members button. Enter the email address of the account that you want to invite. Click Invite team members. By default, the invitee is assigned a Member role. If you used an existing account, enter it'Few readers
  • What are the steps involved in signing a iOS application?
    Signing an IPA file A signed IPA is required to test the installation process of your application. An unsigned IPA throws errors in the installation process To sign your IPA file, follow these steps: Open you project in XCode, and select Archive in the Product menu Click on Export buttonFew readers
  • Is Astra available for on-premises deployment?
    As of now, Astra is not available for on-Prem deployment.Few readers
  • How do I get started with Astra's Pentest dashboard for API?
    Getting started with Astra for API's You can easily set up the Astra Dashboard in a few simple steps using the Scanner Setup workflow. Just provide the necessary details about your target, allowing the scanner to log in, optimize for your technology, and achieve the highest scan coverage possible. Initiate the workflow by clicking on the Get started option. (https://storage.crisp.chat/users/helpdesk/website/2e017d0dc14f2800/screenshot-2023-07-29-1216481gbFew readers
  • How do I get started with Astra's Pentest dashboard for Mobile Applications?
    Getting started with Astra for mobile apps You can easily set up the Astra Dashboard in a few simple steps using the Scanner Setup workflow. Just provide the necessary details about your target, allowing the scanner to log in, optimize for your technology, and achieve the highest scan coverage possible. Initiate the workflow by clicking on the Get started option. (https://storage.crisp.chat/users/helpdesk/website/2e017d0dc14f2800/screenshot-2023-07-27-0924Few readers

Not finding what you are looking for?

Chat with us or send us an email.

  • Chat with us
  • Send us an email
© 2023Astra Security