Engine

A number of options help you configure the actual tests performed by the Scanner.

Spider Sitemaps

Sitemap files such as robots.txt and sitemap.xml are specialized files which help search engines discover site content. The scanning engine automatically reads these files and identifies resources to be included as part of the test. Turn this option off to ignore sitemap files.

Templatised Request Cap

This option controls the number of similar requests which will be processed by the testing engine. For example, a single app may contain many URLs and forms which lead to the same location but with different request parameters.

A form may have a select drop-down with 195 countries. The parameter may not have any noticeable effect on the response after sampling it up to the "Templatised Request Cap" value. Therefore, once this threshold is reached, no further similar requests will be made. As a result, the scanning engine will run a lot faster.
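
The capping behaviour described above can be sketched as follows. This is an added illustration, not the Scanner's own code: the function names, the choice of template key (method, host, path and sorted parameter names) and the sample URLs are assumptions made for the example.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qsl


def template_key(method, url):
    """Reduce a request to its template: method, host, path and parameter names.

    Parameter values are dropped, so requests that differ only in values
    collapse to the same key (assumed definition of "similar").
    """
    parts = urlsplit(url)
    names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return (method.upper(), parts.netloc.lower(), parts.path, tuple(sorted(names)))


def apply_cap(requests, cap):
    """Admit at most `cap` requests per template.

    Returns (queued, skipped): the requests that would be tested, and a
    per-template count of the requests dropped once the cap was reached.
    """
    seen = Counter()
    skipped = Counter()
    queued = []
    for method, url in requests:
        key = template_key(method, url)
        if seen[key] < cap:
            seen[key] += 1
            queued.append((method, url))
        else:
            skipped[key] += 1
    return queued, skipped


# Constructed sample: a country drop-down with 195 values, plus one request
# with an extra parameter and one unrelated page.
SAMPLE = [("GET", f"https://app.example/shipping?country={i}") for i in range(195)]
SAMPLE += [
    ("GET", "https://app.example/shipping?country=1&express=1"),
    ("GET", "https://app.example/about"),
]

if __name__ == "__main__":
    queued, skipped = apply_cap(SAMPLE, cap=10)
    print(len(queued), "requests queued")
    for key, count in skipped.items():
        print(count, "skipped for template", key)
```

Values beyond the cap are never sent, so a value that triggers a different code path is not covered. The skip counts show which templates were cut off and where a higher cap may be worth the extra scan time.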

Parameterized Request Cap

This option defines the total number of requests that contain the same parameter names but with different values. No additional requests of this kind will be tested beyond the cap value.

Scan Finders

The testing engine is capable of automatically discovering hidden files and folders. You can turn this behavior off with this option.

Security Tests

The Scanner provides a number of security test categories. All categories are included by default. You can turn off categories which should not be covered.

For example, if the application does not use a SQL database as a backend, you can turn off the SQL Injection category. This will improve the performance of the Scanner.