Monitoring: Web App Scan Levels

The Zeguro security scanner offers multiple scan levels that vary based on the depth of scanning performed. The appropriate scan level is determined by factors such as the complexity of your web app, the type/amount of data it processes, and the frequency of scanning you choose (more frequent scans are typically done with a lower scan level to avoid placing too much burden on your infrastructure).

Comparing Scan Levels

 

| Scan level | Web Page Config (SSL encryption, HSTS, and cookie settings) | Basic web app vulnerabilities (XSS, SQL Injection) | Deep HTTP request checking, using POST/PUT/DELETE/UPDATE methods | Full payloads (dummy data used to simulate what an attacker might try) |
|---|---|---|---|---|
| Lightning | X | | | |
| Normal | X | X | X | X |

 

Scan Level Details

  • Lightning scans usually run in under a minute and check for vulnerabilities related to SSL/TLS, HTTP headers, and cookie attributes.
  • The Normal profile tests for all the vulnerabilities we support and, for some tests, uses a larger set of payloads than the one used in the safe profile. It also places no restrictions on which HTTP methods it uses.
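
The kind of passive header and cookie check that a Lightning-level scan covers, as an added example (this is not Zeguro's scanner code). The choice of cookie attributes (Secure, HttpOnly, SameSite), the finding names, and the sample headers are assumptions constructed for illustration:

```python
# Added illustration; not Zeguro's scanner code. Finding names are hypothetical.
from http.cookies import SimpleCookie


def audit_headers(headers):
    """Return sorted findings for one HTTPS response.

    headers: list of (name, value) tuples, in the shape returned by
    http.client.HTTPResponse.getheaders().
    """
    findings = []
    lower = [(name.lower(), value) for name, value in headers]

    # HSTS: the header must be present and carry a non-zero max-age.
    hsts = [value for name, value in lower if name == "strict-transport-security"]
    if not hsts:
        findings.append("hsts-missing")
    else:
        directives = {}
        for part in hsts[0].split(";"):
            key, _, val = part.strip().partition("=")
            directives[key.lower()] = val.strip('"')
        max_age = directives.get("max-age", "")
        if not max_age.isdecimal() or int(max_age) == 0:
            findings.append("hsts-max-age-invalid-or-zero")

    # Cookies: every Set-Cookie header is inspected on its own.
    for name, value in lower:
        if name != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            for attr in ("secure", "httponly", "samesite"):
                if not morsel[attr]:
                    findings.append(f"cookie:{cookie_name}:no-{attr}")
    return sorted(findings)


# Constructed sample response headers (not captured from a real site).
SAMPLE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=0"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
```

A check like this only reads response headers and sends no test payloads.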