Defense.com

Defense.com's App Scanner allows you to regularly assess your web applications for vulnerabilities and is the perfect supplement to regular human-led penetration tests, without the expensive day rates. 

From the my.defense.com dashboard, select Protection

From the App Scanning show page, click + Add Scan in the top right-hand corner

Configure the scan by completing all the required fields, including the URL of the application you'd like to scan, selecting a Minimum confidence level and a Scan template

When you're happy with your selections, hit the Add Site button at the bottom of the page

1. From the my.defense.com dashboard, select Protection 
2. Next, select App Scanning
3. From the App Scanning show page, click + Add Scan in the top right-hand corner
4. Configure the scan by completing all the required fields, including the URL of the application you'd like to scan, selecting a Minimum confidence level and a Scan template
5. When you're happy with your selections, hit the Add Site button at the bottom of the page

Allowing app.scanner.defense.com or 74.220.22.174 through your firewall may be required to ensure the scanner returns the best possible results.

Our App Scanner currently offers two different scan templates (Base and Full), which perform different checks to varying degrees of depth.

Is a low-risk option, designed for scanning live production applications. It analyses traffic and performs passing checks only, looking for issues such as missing security headers, outdated libraries, or exposed information.

Is a more aggressive scan which will look to replicate common attack techniques and expose issues such as XSS and SQL injection. As a result, it can trigger security systems or generate log data, which means it should be used with caution on production systems. 

The minimum confidence level allows you to control the issues reported during a scan. This is based on how certain the scanner is that the issue exists, given the results of the checks performed. The options available are:

- False positive 
- Low 
- Medium 
- High 
- Confirmed

Selecting False Positive would result in the scanner reporting all issues, including those checked and found not to exist within the application being scanned. Whereas selecting Confirmed would only return issues validated by the scanner and confirmed as present within the application.

Once a scan has been set up, you'll be automatically redirected to the scan show page, where you can click Start Scan

Alternatively, from the my.defense.com dashboard, select Protection

Finally, click the Run app scan now button in the Actions column

1. Once a scan has been set up, you'll be automatically redirected to the scan show page, where you can click Start Scan
2. Alternatively, from the my.defense.com dashboard, select Protection
3. Next, select App Scanning
4. Finally, click the Run app scan now button in the Actions column

Once a scan is complete (how long this will take depends on the size and complexity of the application, the scan template selected, and the minimum confidence level), threats will be created in your threat management interface. To access these:

From the my.defense.com dashboard, select Threats from the left-hand navigation

Finally, on the threat index page, use the filters to filter by the Type: App Scan

1. From the my.defense.com dashboard, select Threats from the left-hand navigation 
2. Next click Threat List 
3. Finally, on the threat index page, use the filters to filter by the Type: App Scan

From here you'll be able to view a description of the issue found and step-by-step remediation advice. For further information on how to manage your threats, please see <a href="https://help.defense.com/en/articles/5411677-how-to-manage-your-threats-with-the-defense-com-threats-list">this guide.</a>

And that's it! 🎉 You've successfully performed an app vulnerability scan.

Learn how to get started with App Scanning and quickly identify weaknesses in your web applications.

How to get started with App Scanning

Privacy notice

Cookie policy

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

How to get started with App Scanning

Setting up a scan

Selecting a scan template

Selecting a minimum confidence level

Performing a scan

Viewing the scan results