Welcome to Probely!
This getting started guide walks you through all the steps needed to start using Probely’s DAST to scan a web app for security vulnerabilities.
In a nutshell, you will complete the following steps:
Sign up to Probely.
Follow the onboarding flow.
Check the scan coverage.
Check the findings.
Let’s see these steps in detail.
Step 1: Sign up to Probely
First of all, you need to sign up to create an account in Probely:
Open your browser, go to https://probely.com, and click on SIGN UP on the homepage.
Type in your email and click on SIGN UP.
You will receive a verification email. Click on VERIFY EMAIL.
Fill out the form and click on CREATE ACCOUNT.
And your account is created! Continue to the next step to start scanning a target.
Step 2: Follow the onboarding flow
Once your account is created, you will land on Probely’s welcome wizard:
Click on NEXT.
Select My own target, and click on NEXT.
Select Web, and click on NEXT.
Add your first target and click on NEXT.
In this case, the target information is:
Target name: TestFire
Target URL: https://demo.testfire.net
When adding your own target, we need to make sure you have ownership over your domain so that scan requests are not interpreted as malicious attacks. Whenever possible, this verification happens automatically; when that is not viable, you must prove ownership of your domain. In this case, the onboarding wizard provides an extra step that guides you through that process.
Alternatively, you can install a scanning agent to allow us to reach your target (the onboarding wizard will also help you with that).
Once done, click on NEXT.
Click on SCAN to start scanning your target.
At this point, you should see a success page.
Step 3: Check the scan coverage
The previous page redirects you to the target’s SCAN RESULTS page, where you can follow the evolution of the target scan.
When the target scan ends, you can click on the CRAWLING REPORT button to check the scan coverage.
In this report, you can check the URLs reached and compare them with what you expected for your application. You can also check the HTTP response codes returned for each URL to spot any issues.
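The coverage comparison described above can be scripted once the crawled URLs and their status codes are in hand. This is an added example, not Probely's own code: the (URL, status) layout, the paths under the demo target, and the names `CRAWLED`, `EXPECTED`, `normalize` and `coverage_report` are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: (URL, HTTP status) pairs copied out of a crawling report.
# The paths and the tuple layout are assumptions, not Probely's export format.
CRAWLED = [
    ("https://demo.testfire.net/", 200),
    ("https://demo.testfire.net/login", 200),
    ("https://demo.testfire.net/account/summary", 302),
    ("https://demo.testfire.net/admin", 403),
    ("https://demo.testfire.net/search?q=a", 500),
    ("https://demo.testfire.net/search?q=b", 200),
]
# Constructed list of paths the application owner expects the crawler to reach.
EXPECTED = ["/", "/login", "/account/summary", "/account/transfer",
            "/admin", "/search", "/feedback/"]


def normalize(url):
    """Keep only the path so query strings and trailing slashes do not create false gaps."""
    return urlsplit(url).path.rstrip("/") or "/"


def coverage_report(crawled, expected):
    """Group expected-but-unseen paths and paths whose status codes need a look."""
    seen = {}
    for url, status in crawled:
        seen.setdefault(normalize(url), set()).add(status)
    report = {"missing": [], "auth_blocked": [], "redirected": [], "server_error": []}
    for path in expected:
        if normalize(path) not in seen:
            report["missing"].append(normalize(path))  # never reached by the crawler
    for path, statuses in sorted(seen.items()):
        if statuses & {401, 403}:
            report["auth_blocked"].append(path)   # scanner was denied access here
        if all(300 <= s < 400 for s in statuses):
            report["redirected"].append(path)     # only ever redirected, no content seen
        if any(s >= 500 for s in statuses):
            report["server_error"].append(path)   # application failed on some request
    return report


if __name__ == "__main__":
    for issue, paths in coverage_report(CRAWLED, EXPECTED).items():
        print(f"{issue}: {paths}")
```

Paths listed as missing, denied or only redirected were not exercised by the scan, so the absence of findings for them says nothing about their security.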
Step 4: Check the findings
On the SCAN RESULTS page, scroll down to see the list of findings. These are the security vulnerabilities identified during the target scan.
You can click on each finding to learn its details, such as the CVSS score, the definition of the vulnerability, how to fix it, etc. This information will help you better understand the context of each finding so that you can take action accordingly.
And that’s it!
With these simple steps, you can already assess your applications' security, identify where the vulnerabilities are, and understand and plan your work to secure your applications.
To learn more, start with this article in the Help Center about Targets from A to Z. Then, explore Probely features to become more efficient and effective with your security scans.