Creating Web Application Scan

Overview

DeepTraQ enables organizations to perform web application vulnerability assessments to identify security risks in public-facing applications and APIs. The platform provides automated scanning capabilities to detect common vulnerabilities such as SQL injection, cross-site scripting (XSS), and security misconfigurations.

With flexible scan configuration and intelligent reporting, users can easily create and run scans tailored to their application architecture and security requirements. DeepTraQ helps security teams continuously monitor and protect web applications without impacting production environments.

This documentation explains how to configure and launch a web application vulnerability scan using the DeepTraQ dashboard.


Supported Targets

Web application scans can be performed on:

  • Public web applications
  • APIs (REST/HTTP-based)
  • Staging or test environments
  • Internal applications (if accessible)

Example test target:


Prerequisites

  • The target web application must be accessible from the scanning environment
  • Ensure proper authorization before scanning production systems
  • (Optional) Test targets or staging environments are recommended for safe testing

Scan Configuration

DeepTraQ allows users to configure scans with flexible parameters to match their testing requirements.

During scan configuration, users define:

  • Target URL (web application or API endpoint)
  • Scan name and description
  • Tags for organization and tracking
  • Scanner types and detection capabilities
  • Advanced scan options
  • Reporting and AI analysis settings

These parameters ensure accurate and controlled vulnerability assessment.


Target Configuration

Users provide the target application URL to begin scanning.

Example:

DeepTraQ uses this target to crawl the application and identify potential vulnerabilities across accessible endpoints.


Scanner Types

DeepTraQ supports multiple scanner types for web application testing.

Unauthenticated Scan

An unauthenticated scan analyzes publicly accessible areas of a web application without requiring login credentials.

This scan detects:

  • OWASP Top 10 vulnerabilities
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Security misconfigurations

This is ideal for identifying risks in external-facing applications.


Scan Parameters & Detection Settings

Users can configure detection settings based on application architecture and security requirements.

This includes:

  • Scan depth and coverage
  • Crawl behavior
  • Request handling
  • Detection sensitivity

These settings help balance scan accuracy and performance.


Advanced Options

Advanced configuration allows optimization of scan coverage and behavior.

This includes:

  • Handling dynamic content
  • Managing redirects and sessions
  • Configuring safe scanning limits
  • Avoiding disruption to production systems

AI Assistant Options

DeepTraQ provides optional AI-powered reporting to enhance scan results.

Users can enable AI features such as:

  • Vulnerability summaries
  • Executive-level insights
  • Risk prioritization

These insights help translate technical findings into actionable outcomes.


Scheduling Options

Scans can be executed immediately or scheduled for automation.

Available execution modes include:

  • Run scan immediately
  • Schedule scan for a specific time
  • Configure recurring scans

This enables continuous security monitoring.


Steps

  1. Navigate to Web Application Scans → Create Scan in the DeepTraQ dashboard
  2. Enter the scan name and description
  3. Provide the target URL (e.g., http://testasp.vulnweb.com)
  4. Add relevant tags for organization
  5. Configure scan parameters and detection settings
  6. Select the scanner type (e.g., Unauthenticated Scan)
  7. Configure advanced options if required
  8. Enable AI-powered reporting for insights
  9. Configure scan scheduling (run now or schedule)
  10. Review the complete scan configuration
  11. Click Create Scan to launch the scan

Field Reference

| Field | Description | Example |
|---|---|---|
| Target URL | The web application endpoint to scan | http://testasp.vulnweb.com |
| Scan Name | Unique identifier for the scan | Web App Security Scan |
| Description | Purpose of the scan | OWASP vulnerability test |
| Tags | Labels for organization | web, production |
| Scanner Type | Type of scan performed | Unauthenticated Scan |
| Scan Parameters | Controls scan behavior and depth | Full Crawl |
| AI Assistant | AI-based analysis and reporting | Enabled |
| Execution Mode | Immediate or scheduled scan | Run Now |
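
The authorization prerequisite and the review in step 10 can be backed by a pre-flight check run before a scan is created. The following is an added example, not DeepTraQ code or its API: the `ScanRequest` class, the `production_approved` flag and the scope list are hypothetical, and the field names only mirror the Field Reference above.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed scope list: hosts with written authorization to scan (assumption).
AUTHORIZED_HOSTS = {"testasp.vulnweb.com", "staging.example.internal"}


@dataclass
class ScanRequest:
    # Hypothetical container; names follow the Field Reference table.
    target_url: str
    scan_name: str
    tags: list = field(default_factory=list)
    scanner_type: str = "Unauthenticated Scan"
    execution_mode: str = "Run Now"
    production_approved: bool = False  # hypothetical sign-off, not a DeepTraQ field


def preflight(req: ScanRequest, authorized=AUTHORIZED_HOSTS) -> list:
    """Return a list of problems; an empty list means the request may be submitted."""
    problems = []
    try:
        parts = urlsplit(req.target_url.strip())
    except ValueError:
        return ["target URL could not be parsed"]
    if parts.scheme not in ("http", "https"):
        problems.append("target URL must use http or https")
    # Userinfo makes "http://allowed-host@other-host/" look in scope at a glance.
    if parts.username or parts.password:
        problems.append("target URL must not embed credentials")
    # Compare the parsed host exactly; substring matching would accept look-alikes.
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        problems.append("target URL has no host")
    elif host not in authorized:
        problems.append(f"{host} is not in the authorized scope list")
    if not req.scan_name.strip():
        problems.append("scan name is required")
    if "production" in (t.lower() for t in req.tags) and not req.production_approved:
        problems.append("production-tagged target needs explicit approval")
    return problems
```
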