Each target type has its pros and cons, and it's all about what suits your needs best.

  • Under the Free option, you can run what we call Lightning scans. They are free and very fast scans (take less than a minute), so we’d suggest you include it into your CI pipeline or schedule a periodic scan. However, they only scan for a small subset of the vulnerabilities we find in other scanning profiles. Its value is to allow you to increase the security posture of your site and to show that you take security into account while developing your app. 

  • The Web option allows you to run full scans on your web application. These scans take a bit longer but are more thorough and cover a bigger spectrum of vulnerability types than the free scan. We recommend this option if you want to have a more serious security solution that will scan your site in detail.

  • And lastly, the API Target option allows you to scan standalone APIs without a supporting web application. If you want to assess the security of your API in detail, you should choose this option.

Did this answer your question?