The Zeguro security scanner offers multiple scan levels that differ in how deeply they scan. The right level depends on factors such as the complexity of your web app, the type and amount of data it processes, and how often you choose to scan (more frequent scans usually run at a lower level to avoid placing too much load on your infrastructure).
- Web Page Config (SSL encryption, HSTS, and cookie settings)
- Basic web app vulnerabilities (XSS, SQL Injection)
- Deep HTTP request checking, using POST/PUT/DELETE/UPDATE methods
- Full payloads (dummy data used to simulate what an attacker might try)
Detailed scan level descriptions
- Lightning scans usually run in under a minute and check for vulnerabilities related to SSL/TLS, HTTP headers, and cookie attributes.
- The Normal profile tests for all the vulnerabilities we support and, for some tests, uses a larger set of payloads than the safe profile. It also places no restrictions on which methods it uses.
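To make the header and cookie checks named for the lightning level concrete, here is an added example (not Zeguro's scanner code) that audits one HTTPS response's headers for HSTS and cookie attributes. The function names, the 180-day `max-age` threshold, and the sample headers are assumptions made for illustration.

```python
# Added illustration, not Zeguro's scanner code. Sample data is constructed.
MIN_HSTS_MAX_AGE = 15552000  # assumption: 180 days is the shortest acceptable max-age

def check_hsts(headers):
    """Findings for Strict-Transport-Security on an HTTPS response."""
    value = headers.get("strict-transport-security")
    if value is None:
        return ["HSTS header missing"]
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        directives[name.lower()] = arg.strip('"')
    try:
        max_age = int(directives.get("max-age", ""))
    except ValueError:
        return ["HSTS max-age missing or not a number"]
    return [f"HSTS max-age too short: {max_age}"] if max_age < MIN_HSTS_MAX_AGE else []

def check_cookie(raw):
    """Findings for one Set-Cookie value: Secure, HttpOnly, SameSite."""
    parts = [p.strip() for p in raw.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {k.strip().lower(): v.strip().lower()
             for k, _, v in (p.partition("=") for p in parts[1:])}
    findings = [f"cookie {name}: missing {label}"
                for key, label in (("secure", "Secure"), ("httponly", "HttpOnly"))
                if key not in attrs]
    samesite = attrs.get("samesite", "")
    if samesite not in ("lax", "strict", "none"):
        findings.append(f"cookie {name}: missing or invalid SameSite")
    elif samesite == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that lack Secure.
        findings.append(f"cookie {name}: SameSite=None without Secure")
    return findings

def audit(header_pairs):
    """header_pairs: (name, value) tuples, so repeated Set-Cookie headers survive."""
    headers = {n.lower(): v for n, v in header_pairs if n.lower() != "set-cookie"}
    cookies = [v for n, v in header_pairs if n.lower() == "set-cookie"]
    return check_hsts(headers) + [f for raw in cookies for f in check_cookie(raw)]

SAMPLE = [  # constructed response headers
    ("Strict-Transport-Security", "max-age=3600"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```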