
Scan Concept

This is what you're here for. After configuring your target, you will want to run scans against it. You can either start a one-off scan or schedule one for later, recurring or not.

During the scan, we will crawl the site and run several modules to check for security issues, which we call findings. You can check the findings even before a scan ends. If everything goes well, the scan will complete and that is it.

With some findings, our automated processes may have difficulty determining whether the finding is a false positive or a legitimate issue. In these instances, the scan is marked as under review, and we analyze the finding further before making a decision. We only show findings that, with some degree of confidence, are true positives. A finding that we are not sure of will never be displayed.

As much as we try to prevent it, a scan (or a sub-module) can malfunction. If this happens, a scan is marked as:

  • "failed": the problem was irrecoverable.

During a scan, we try to determine what frameworks you are using and add this information to the site and asset objects discussed previously.