
Getting Started with Snyk API & Web

New to Snyk API & Web? Follow this short tutorial to start scanning a web app and find its security vulnerabilities.

Written by Ana Pascoal
Updated over a month ago

Welcome to Snyk API & Web!

This getting-started guide walks you through all the steps needed to start using Snyk API & Web to scan a web app for security vulnerabilities.

In a nutshell, you will complete the following steps:

  1. Sign up to Snyk API & Web.

  2. Follow the onboarding flow.

  3. Check the scan coverage.

  4. Check the findings.

Let’s see these steps in detail.

Step 1: Sign up to Snyk API & Web

First of all, you need to sign up to create an account in Probely:

  1. Open your browser, go to https://probely.com, and click on Sign up on the homepage.

  2. Type in your email and click on Sign up.

  3. You will receive a verification email. Click on Verify email.

  4. Fill out the form and click on Create account.


And your account is created! Continue to the next step to start scanning a target.

Step 2: Follow the onboarding flow

Once your account is created, you will see some best practices for deploying DAST, and then land on Snyk API & Web's welcome flow:

  1. Click on Next.


  2. Select My own target, and click on Next.

  3. Select Web, and click on Next.

  4. Add your first target and click on Next.

    In this case, the target information is:

    1. Target name: Example

    When adding your own target, we need to make sure you have ownership over your domain so that scan requests are not interpreted as malicious attacks. Whenever possible, this verification happens automatically; when that is not viable, you must prove ownership of your domain. In this case, the onboarding flow provides an extra step that guides you through that process.

    Alternatively, you can install a scanning agent to allow us to reach your target (the onboarding flow will also help you with that).


    Once done, click on Next.

  5. Click on Scan to start scanning your target.

At this point, you should have a success page.

Step 3: Check the scan coverage

The previous page redirects you to the target’s Scan results page, where you can follow the evolution of the scan.

You can download the Preliminary crawling report during the scan to take a look at the scan coverage thus far; once the scan ends, you can download the complete Crawling report.

In this report, you can check the URLs reached and compare them with what you expected for your application. You can also check the obtained HTTP response codes for each URL to spot any issues.
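One way to script this comparison, as an added example that is not part of Snyk API & Web or of the original article. It assumes the report rows have been transcribed into CSV with `url` and `status` columns (an assumed layout, not the product's export format); the sample URLs, the expected-path list and the function names are constructed for illustration.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed sample rows; the "url,status" layout is an assumption.
SAMPLE_REPORT = """url,status
https://app.example.test/,200
https://app.example.test/login,200
https://app.example.test/account?tab=profile,302
https://app.example.test/admin/users/,403
https://app.example.test/api/orders,500
https://app.example.test/old-page,404
"""

# Constructed list of paths the application owner expects the crawler to reach.
EXPECTED_PATHS = ["/", "/login", "/account", "/admin/users", "/api/orders", "/checkout"]


def normalize(url):
    """Reduce a URL to its path so query strings and trailing slashes do not hide a match."""
    path = urlsplit(url).path or "/"
    return path.rstrip("/") or "/"


def review_coverage(report_csv, expected_paths):
    """Compare crawled paths with expected ones and group notable response codes."""
    crawled = {}  # path -> set of status codes seen for that path
    for row in csv.DictReader(io.StringIO(report_csv)):
        crawled.setdefault(normalize(row["url"]), set()).add(int(row["status"]))
    expected = {normalize(p) for p in expected_paths}
    reached = set(crawled)
    return {
        # Expected but never crawled: these pages were not tested at all.
        "missing": sorted(expected - reached),
        # Crawled but not on the list: forgotten or unintentionally exposed pages.
        "unexpected": sorted(reached - expected),
        # 401/403: the crawler was refused, so content behind the page was likely not covered.
        "auth_blocked": sorted(p for p, s in crawled.items() if s & {401, 403}),
        # 5xx: the application failed while being crawled; check stability before trusting results.
        "server_errors": sorted(p for p, s in crawled.items() if any(c >= 500 for c in s)),
    }


if __name__ == "__main__":
    for category, paths in review_coverage(SAMPLE_REPORT, EXPECTED_PATHS).items():
        print(f"{category}: {paths}")
```
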

Step 4: Check the findings

On the Scan results page, scroll down to see the list of findings. These are the security vulnerabilities identified during the target scan.

You can click on each finding to learn its details, such as the CVSS score, the definition of the vulnerability, how to fix it, etc. This information will help you better understand the context of each finding so that you can take action accordingly.

And that’s it!

With these simple steps, you can already assess your applications' security, identify where the vulnerabilities are, and understand and plan your work to secure your applications.

To learn more, start with this article in the Help Center about Targets from A to Z. Then, explore Snyk API & Web features to become more efficient and effective with your security scans.
