We have 4 different scan profiles:

  • lightning
  • safe
  • normal
  • full

Lightning scans usually run in under a minute and check for vulnerabilities related to SSL/TLS, HTTP headers and cookie attributes.

The safe profile tests for all the vulnerabilities we support, but with a limited set of payloads, to reduce the possible impact on the target application.
The scanner will not make POST, PUT, DELETE or UPDATE requests. However, our crawler will still make requests with these methods if there are actions that trigger them.

The normal profile tests for all the vulnerabilities we support and, for some tests, uses a larger set of payloads than the safe profile. It also has no restrictions on which methods it uses.

The full profile includes all the tests from the normal profile, plus an even larger set of payloads.
