Web Application Scanning (WAS)
You can find this module at the Company level only.
ConnectSecure Web Application Scanner is a security testing tool developed based on the OWASP (Open Web Application Security Project) standards to identify security vulnerabilities in web applications. It is widely used during development, testing, and pre-deployment phases to ensure web applications are secure from potential threats.
Identify and assess vulnerabilities within web applications that attackers could exploit. Automatically scan for common security issues such as SQL injection, cross-site scripting (XSS), and authentication weaknesses.
Generate detailed reports outlining discovered vulnerabilities, their severity, and recommended remediation strategies.
This tool assists in prioritizing security measures, ensuring web applications are resilient against potential threats, and maintaining compliance with security standards.
Web Application Scanner - Table of Contents
Visit our YouTube Channel for more video content: https://www.youtube.com/@connectsecure
Web Application Scanner - Overview
Access the Web Application Scanner from the company-level module, Cloud Assessments.
Web Application Scanner - Details
Configurations
This is where you Add, Edit, Remove, and manually Scan the configured endpoints.
Tap the three-dot Action menu to access the Edit, Remove, and Scan Now options.
Use the Add button to create a new endpoint to scan.
Complete all the required fields as shown below.
Field | Description |
---|---|
Name | Give the entry a name of your choice; describe what you are scanning |
URL | Enter the URL of the web application to scan; you must enter the prefix to include https:// or http:// |
Exclude Paths | Enter any path(s) to exclude during the scan; this should include the full URL with prefix (leave blank for none) |
Include Paths | Enter any path(s) to include during the scan; this should include the full URL with prefix (leave blank for all) |
Scan Type | Choose from Passive or Active (see below for info) |
Spider Type | Select Spider or Spider Ajax (see below for info) |
Parse robots.txt | Select to include the contents of the site's robots.txt file in the scan (example: domain.com/robots.txt) |
Parse sitemap.xml | Select to include the contents of the site's sitemap.xml file in the scan (example: domain.com/sitemap.xml) |
Duration | Enter the max duration for a scan |
Scan Later | Check this box to scan later based on the Scheduler or a manual scan |
What is a Passive Scan? (Non-Intrusive)
A Passive Scan is a non-intrusive scan where ConnectSecure monitors the traffic (HTTP requests and responses) between the client and the server without actively manipulating anything.
It does NOT alter, modify, or attack the application.
It simply observes the traffic and identifies vulnerabilities like:
Missing Security Headers (like CSP, HSTS, X-Frame-Options)
Information Disclosure (like server version, X-Powered-By)
Cookie without Secure/HttpOnly Flag
Open Directories
Weak TLS/SSL Configurations
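As an added illustration (not ConnectSecure's own code) of the kind of check a passive scan performs, the following Python inspects a constructed set of HTTP response headers for the missing-header, disclosure and cookie-flag issues listed above, without sending anything to a server:

```python
from typing import List, Tuple

# Checks modelled on the passive-scan findings listed above: missing
# security headers, version disclosure, and cookies without Secure/HttpOnly.
REQUIRED_HEADERS = ("content-security-policy", "strict-transport-security", "x-frame-options")
DISCLOSURE_HEADERS = ("server", "x-powered-by")

# Constructed sample response headers (not captured from any real site);
# repeated Set-Cookie headers are kept as a list of pairs, not a dict.
SAMPLE_RESPONSE_HEADERS: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("X-Powered-By", "PHP/7.4.3"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly"),
]


def passive_findings(headers: List[Tuple[str, str]]) -> List[str]:
    """Inspect one response's headers only; nothing is sent to the server."""
    lowered = [(name.lower(), value) for name, value in headers]
    present = {name for name, _ in lowered}
    findings: List[str] = []
    for name in REQUIRED_HEADERS:
        if name not in present:
            findings.append(f"missing security header: {name}")
    for name, value in lowered:
        if name in DISCLOSURE_HEADERS:
            findings.append(f"information disclosure: {name}: {value}")
        elif name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            # attribute names after the first ';', compared case-insensitively
            attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
            for flag in ("secure", "httponly"):
                if flag not in attrs:
                    findings.append(f"cookie {cookie_name} without {flag} flag")
    return findings


if __name__ == "__main__":
    for finding in passive_findings(SAMPLE_RESPONSE_HEADERS):
        print(finding)
```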
When to Use a Passive Scan
When you want to test without ‘breaking’ the application.
During the initial setup, identify low-risk issues.
It’s useful in production environments.
Limitations
Cannot test for critical vulnerabilities like SQL injection, XSS, etc.
Only finds surface-level weaknesses.
What is an Active Scan? (Intrusive)
An Active Scan is a full-fledged attack simulation where ConnectSecure actively tries to exploit vulnerabilities.
It will attempt to inject malicious payloads to test vulnerabilities like:
SQL Injection (SQLi)
Cross-site Scripting (XSS)
Path Traversal
Remote Code Execution (RCE)
File Upload Vulnerabilities
Command Injection
Broken Authentication / Session Management
This is where ConnectSecure behaves like a malicious attacker and aggressively tests your application.
When to Use an Active Scan
During penetration testing (Pen-Test).
In a development or testing environment where breaking the application is acceptable.
Before deploying the application to production.
Limitations
It can break the application or delete records.
You should never run Active Scan on Production systems.
What is a Spider scan? (Traditional Spidering)
A Spider Scan crawls the web application to discover all its URLs, forms, and endpoints.
It works similarly to web crawlers (like Googlebot).
The Spider Scan will:
Find all pages, sub-pages, endpoints, and API calls.
Identify hidden directories.
Collect all parameters and query strings.
How Spider Works
It follows all available links to traverse the entire web application (like <a href>, <form action>)
It stops when it encounters JavaScript-heavy websites (Single Page Applications), because links generated by JavaScript are not visible to it.
When to use Spider Scan?
During the initial reconnaissance phase.
When you need to map the application’s structure.
Limitations
It struggles with JavaScript-heavy websites or SPA.
Cannot find endpoints hidden behind JavaScript.
What is an Ajax Spider scan? (For Dynamic Web Apps)
Ajax Spider is designed to crawl modern web applications that use JavaScript, AJAX, and dynamic content loading (like ReactJS, AngularJS, VueJS, etc.).
It uses headless browsers (like Firefox) to simulate how an end-user interacts with the website.
How Ajax Spider Works
It opens the website like a real browser (using headless Firefox).
It interacts with buttons, pop-ups, forms, dynamically loaded content, and more.
It’s designed explicitly for Single Page Applications (SPAs).
When to Use Ajax Spider Scan?
When you have a JavaScript-heavy web application.
When the traditional Spider Scan cannot find some endpoints.
Limitations
It consumes more time.
It may miss endpoints if heavy JavaScript interactions are required.
What is robots.txt?
A robots.txt file is a plain text file located at the root of a website (e.g., https://example.com/robots.txt). It follows the Robots Exclusion Protocol (REP) and provides instructions to web crawlers on which pages or directories they can or cannot access.
What is sitemap.xml?
A sitemap.xml is an XML file that helps search engines and crawlers understand the structure of a website. It lists URLs along with optional metadata such as last modification date, change frequency, and priority.
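An added example (not the product's own parser) of what the Parse robots.txt and Parse sitemap.xml options hand to the scanner: it reads a constructed robots.txt and sitemap.xml and merges the Allow/Disallow paths and the sitemap <loc> entries into a seed list for the spider. Disallow lines are a request to search crawlers, not an access control, so an assessment scanner includes those paths in its coverage rather than skipping them.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

# Constructed sample files (not fetched from any real site).
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/   # trailing comments are ignored
Disallow: /backup/
Allow: /public/
Sitemap: https://example.com/sitemap.xml
"""
SITEMAP_XML = """\
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/</loc><lastmod>2024-01-15</lastmod><priority>1.0</priority></url>
  <url><loc>https://example.com/login</loc><changefreq>monthly</changefreq></url>
</urlset>
"""
SITEMAP_NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}


def parse_robots(text, base):
    """Return (paths, sitemaps): Allow/Disallow paths resolved against base, plus Sitemap URLs."""
    paths, sitemaps = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and whitespace
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key.lower() in ("allow", "disallow") and value:
            paths.append(urljoin(base, value))
        elif key.lower() == "sitemap":
            sitemaps.append(value)
    return paths, sitemaps


def parse_sitemap(xml_text):
    """Return one dict per <url> with loc and the optional metadata fields (None if absent)."""
    root = ET.fromstring(xml_text)
    fields = ("loc", "lastmod", "changefreq", "priority")
    return [{f: url.findtext(f"sm:{f}", default=None, namespaces=SITEMAP_NS) for f in fields}
            for url in root.findall("sm:url", SITEMAP_NS)]


def crawl_seeds(base, robots_txt, sitemap_xml):
    """Merge both sources into a de-duplicated list of URLs to feed the spider."""
    paths, _ = parse_robots(robots_txt, base)
    locs = [entry["loc"] for entry in parse_sitemap(sitemap_xml)]
    return list(dict.fromkeys(paths + locs))       # keeps first-seen order


if __name__ == "__main__":
    for url in crawl_seeds("https://example.com", ROBOTS_TXT, SITEMAP_XML):
        print(url)
```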
Best Practice Scan Combinations Based On Scenarios
Scenario | Scan Combination | Use Case |
---|---|---|
Initial Scan (Recon) | Spider + Passive Scan | To identify surface-level weaknesses and gather all endpoints. |
Full Security Testing | Spider + Active Scan | To perform complete vulnerability testing. |
JavaScript Applications (SPA) | Ajax Spider + Active Scan | For dynamic web applications. |
Regression / Automated Scan | Ajax Spider + Passive Scan | Quick continuous testing without harming the application. |
Results
View the web application scanner configuration results here.
Tap on the URL to see the Scan History table data, which includes the last date/time the scan ran, the duration of the scan, and the count of vulnerabilities.
Click the updated date/time stamp to see the details. Use the Word icon to print and view a report.
Tap on the description (ID) to see details about the finding.
Tap the vulnerabilities links to see the corresponding OWASP and CWE threat sources.
There is also a built-in toggle to view the findings in a table view style.
Web Application Scanner - Action Toolbar Overview
Web Application Scanner - Action Toolbar Details
Jobs
Tap to view the web application scanner-related jobs data.
Alerts
Tap to view the timeline style of System Events with filtering options.
Info
Tap to view the Getting Started info; see the link below for additional information.
Need Support?
You can contact our support team by emailing support@connectsecure.com or visiting our Partner Portal, where you can create, view, and manage your tickets.
https://cybercns.freshdesk.com/en/support/login