Web Application Security Scanning
Overview
Web Application Security Scanning in DeepTraq helps detect and remediate vulnerabilities across web applications and APIs before they can be exploited by attackers.
DeepTraq provides multiple scanning methods to identify security weaknesses such as OWASP Top Ten vulnerabilities, misconfigurations, exposed services, and software vulnerabilities.
This guide explains how to configure and run a Web Application Security Scan within the DeepTraq platform.
Prerequisites
Before starting a web application security scan, ensure the following:
- Active DeepTraq user account
- Access to the target web application or API, and authorization from its owner to test it (active scans send attack traffic)
- Required permissions within DeepTraq to initiate vulnerability scans
- Valid credentials for authenticated scans, ideally a dedicated low-privilege test account rather than a personal or administrative one
Accessing Web Application Scans
To begin scanning your web applications:
- Navigate to Web Application Scanning
- Click Start New Scan
- Select the security scanner appropriate for your assessment
- Configure scan settings
- Start the scan
Selecting a Security Scanner
DeepTraq provides multiple scanning options depending on the level of testing required.
Unauthenticated Scan
The Unauthenticated Scan assesses publicly accessible web applications and APIs without login credentials.
It focuses on OWASP Top Ten vulnerabilities in publicly exposed endpoints; anything behind a login is out of its reach and requires an Authenticated Scan.
Authenticated Scan
The Authenticated Scan performs deeper security testing using valid credentials to access protected areas of your web application.
This scan allows DeepTraq to identify vulnerabilities that are only visible after authentication.
Rapid Web Threat, Misconfig, and CVE Scanner
This scanner performs comprehensive vulnerability detection across:
- Web applications
- Infrastructure components
- Known vulnerabilities (CVEs)
- Security misconfigurations
It is designed for broad security coverage and quick threat identification.
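One of the checks a misconfiguration scanner of this kind performs is an inspection of HTTP response headers and cookie attributes. The following is an added example, not DeepTraq code: it takes the raw header pairs from a response and reports the common weaknesses (missing HSTS, CSP and anti-sniffing headers, no clickjacking protection, version disclosure in Server or X-Powered-By, cookies without Secure/HttpOnly). The two header sets are constructed for the demo; the `ExampleServer` and `PHP/7.4` values are made up.

```python
"""Response-header misconfiguration check (added example, not DeepTraq code)."""
import re

# Constructed sample responses: one weak, one hardened.
WEAK_HEADERS = [
    ("Server", "ExampleServer/3.2.1"),          # made-up version string
    ("X-Powered-By", "PHP/7.4"),
    ("Content-Type", "text/html"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/"),
]
HARDENED_HEADERS = [
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Server", "nginx"),                        # no version disclosed
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def check_headers(headers, https=True):
    """headers: list of (name, value) pairs as received on the wire.
    Set-Cookie may repeat, so cookies are collected separately.
    Returns a list of human-readable findings; an empty list means clean."""
    present, cookies = {}, []
    for name, value in headers:
        key = name.lower()
        if key == "set-cookie":
            cookies.append(value)
        else:
            present[key] = value

    findings = []
    if https and "strict-transport-security" not in present:
        findings.append("missing Strict-Transport-Security")
    if "content-security-policy" not in present:
        findings.append("missing Content-Security-Policy")
    if present.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    csp = present.get("content-security-policy", "")
    if "x-frame-options" not in present and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")
    # A product name alone is fine; a version number gives attackers a CVE lookup key.
    for hdr in ("server", "x-powered-by"):
        if hdr in present and re.search(r"\d+\.\d+", present[hdr]):
            findings.append(f"{hdr} discloses a version: {present[hdr]}")
    for cookie in cookies:
        cname = cookie.split("=", 1)[0]
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if https and "secure" not in attrs:
            findings.append(f"cookie {cname} lacks Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {cname} lacks HttpOnly")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, check_headers(hdrs))
```

Running it against the hardened set returns no findings; the weak set yields eight, which is roughly what a scanner reports as separate "security misconfiguration" items for one response.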
OWASP ZAPI Web and API Scanner
The OWASP ZAPI Scanner actively tests web applications and APIs for both common and advanced vulnerabilities.
It identifies issues such as:
- Injection vulnerabilities
- Cross-site scripting (XSS)
- Security misconfigurations
- Authentication weaknesses
OpenAPI Spec Testing
The OpenAPI Specification Testing option validates API functionality, performance, and security based on your OpenAPI specification.
Because the specification enumerates every path, method, parameter and security scheme, the scanner can exercise operations that a crawler would never discover, and can check that each operation actually enforces the authentication the schema declares for it.
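What "security based on your OpenAPI specification" looks like in practice, as an added example that is not DeepTraq code: the function below walks a spec and reports operations that end up with no authentication, operations that reference a security scheme the spec never defines, and schemes that pass an API key in the query string. It applies the OpenAPI rules that an operation-level `security` list replaces (rather than merges with) the document-level one, that an empty list disables authentication, and that an empty requirement object `{}` inside the list permits anonymous access. The Orders API spec is constructed for the demo.

```python
"""Audit the security requirements declared in an OpenAPI 3 document
(added example, not DeepTraq code; the spec below is constructed)."""
import json

SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "info": {"title": "Orders API", "version": "1.0"},
  "security": [{"bearerAuth": []}],
  "components": {"securitySchemes": {
    "bearerAuth": {"type": "http", "scheme": "bearer"},
    "legacyKey": {"type": "apiKey", "in": "query", "name": "api_key"}
  }},
  "paths": {
    "/orders": {
      "parameters": [{"name": "page", "in": "query", "schema": {"type": "integer"}}],
      "get":  {"operationId": "listOrders"},
      "post": {"operationId": "createOrder", "security": [{"bearerAuth": []}]}
    },
    "/orders/{id}":  {"delete": {"operationId": "deleteOrder", "security": []}},
    "/health":       {"get": {"operationId": "health", "security": []}},
    "/docs":         {"get": {"operationId": "docs", "security": [{}]}},
    "/reports":      {"get": {"operationId": "reports", "security": [{"legacyKey": []}]}},
    "/admin/export": {"get": {"operationId": "export", "security": [{"adminToken": []}]}}
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def audit_security(spec):
    """Return (operation, finding) pairs for weak or missing auth declarations."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    global_security = spec.get("security", [])
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:      # skip 'parameters', 'summary', ...
                continue
            label = f"{method.upper()} {path}"
            # Operation-level 'security' overrides the document-level list;
            # its absence (not an empty list) means "inherit the global list".
            effective = op["security"] if "security" in op else global_security
            if not effective:
                findings.append((label, "no security requirement (unauthenticated)"))
                continue
            if any(req == {} for req in effective):
                findings.append((label, "empty requirement object permits anonymous access"))
                continue
            for requirement in effective:       # alternatives, any one suffices
                for name in requirement:
                    scheme = schemes.get(name)
                    if scheme is None:
                        findings.append((label, f"references undefined scheme '{name}'"))
                    elif scheme.get("type") == "apiKey" and scheme.get("in") == "query":
                        findings.append((label, f"scheme '{name}' sends the API key in the query string"))
    return findings


if __name__ == "__main__":
    for op, finding in audit_security(SAMPLE_SPEC):
        print(f"{op:22} {finding}")
```

A health endpoint with no authentication is usually intentional and gets triaged as accepted; an unauthenticated DELETE, or an operation whose only scheme is undefined (which most frameworks silently treat as "no auth"), is the kind of finding the spec-driven scan exists to surface.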
Configuring Authentication Credentials
If performing an Authenticated Scan, you must configure valid login credentials.
Steps
- Enter authentication credentials
- Configure login endpoints
- Verify authentication method
- Continue to scan configuration
This allows DeepTraq to test security within authenticated application workflows.
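Before handing credentials to the scanner it pays to confirm, outside the platform, that the login endpoint and authentication method you are about to configure actually produce a session that unlocks protected pages. The following is an added example, not DeepTraq code: it posts the login form, captures the session cookie without following redirects, and compares an anonymous probe of a protected page with an authenticated one. The `DemoApp` target, its `/login` and `/account` paths, the `username`/`password` field names and the `session` cookie name are all constructed assumptions for the demo; substitute your application's real values.

```python
"""Pre-flight check for an Authenticated Scan (added example, not DeepTraq
code). The DemoApp below is a constructed stand-in for the target."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode

DEMO_USER, DEMO_PASS, DEMO_SESSION = "scanner", "s3cret", "deadbeefcafe"


class DemoApp(BaseHTTPRequestHandler):
    """POST /login issues a session cookie; GET /account requires it and
    bounces anonymous requests to /login with a 302."""

    def log_message(self, *args):  # silence per-request logging
        pass

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = parse_qs(self.rfile.read(length).decode())
        ok = (self.path == "/login" and form.get("username") == [DEMO_USER]
              and form.get("password") == [DEMO_PASS])
        if ok:
            self.send_response(302)
            self.send_header("Set-Cookie", f"session={DEMO_SESSION}; Path=/; HttpOnly")
            self.send_header("Location", "/account")
        else:
            self.send_response(401)
        self.end_headers()

    def do_GET(self):
        cookie = self.headers.get("Cookie", "")
        if self.path == "/account" and f"session={DEMO_SESSION}" in cookie:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"welcome back")
        else:
            self.send_response(302)
            self.send_header("Location", "/login")
            self.end_headers()


def start_demo_server():
    server = HTTPServer(("127.0.0.1", 0), DemoApp)  # port 0 picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def _request(host, port, method, path, headers=None, body=None):
    """One request on a fresh connection. Redirects are deliberately NOT
    followed: a 302 to the login page is exactly the signal we look for."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request(method, path, body=body, headers=headers or {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp


def verify_login(host, port, login_path, username, password, probe_path):
    """Report whether the credentials yield a session that unlocks probe_path.
    'ready' is True only if the anonymous probe is refused (anything but 200)
    and the same probe succeeds with the captured cookie."""
    anon = _request(host, port, "GET", probe_path)
    form = urlencode({"username": username, "password": password}).encode()
    login = _request(host, port, "POST", login_path, body=form,
                     headers={"Content-Type": "application/x-www-form-urlencoded"})
    cookie = (login.getheader("Set-Cookie") or "").split(";", 1)[0]  # "name=value"
    auth_status = None
    if cookie:
        auth_status = _request(host, port, "GET", probe_path,
                               headers={"Cookie": cookie}).status
    return {
        "anonymous_status": anon.status,
        "login_status": login.status,
        "session_cookie": cookie,
        "authenticated_status": auth_status,
        "ready": anon.status != 200 and auth_status == 200,
    }


if __name__ == "__main__":
    srv = start_demo_server()
    port = srv.server_address[1]
    print(verify_login("127.0.0.1", port, "/login", DEMO_USER, DEMO_PASS, "/account"))
    srv.shutdown()
```

If `ready` comes back False with a 200 on the anonymous probe, the page you chose is not actually protected and will tell the scanner nothing about session handling; if it is False with no cookie, the login endpoint, field names or authentication method in the scan configuration are wrong and the "authenticated" crawl would silently run anonymously.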
Configuring Scan Settings
After selecting the scanner and authentication options, configure detailed scan settings.
Available Options
- Scan Options – Customize vulnerability assessment parameters
- Scan Frequency – Schedule recurring scans for continuous monitoring
- Source Code Repository Integration – Link your repository for deeper security analysis
These options help tailor the scan to your organization's security requirements.
Starting the Web Application Security Scan
Once configuration is complete:
- Review all scan settings
- Confirm scan configuration
- Click Create Scan
DeepTraq will begin the web application security assessment, analyzing the target application for potential vulnerabilities.
Monitoring Scan Results
After initiating the scan:
- Navigate to Web Application Scanning → Scan Results
- Monitor scan progress
- Review identified vulnerabilities
- Follow recommended remediation steps
DeepTraq provides detailed vulnerability insights and guidance to help security teams quickly resolve security issues.
Best Practices
To maintain secure web applications:
- Perform regular vulnerability scans, and re-scan after each fix to confirm the finding is resolved
- Use authenticated scans for deeper coverage
- Scope active scans carefully: they send attack payloads and can create or modify data, so run them against a staging copy where possible and exclude destructive endpoints
- Monitor APIs for security weaknesses
- Integrate source code repositories for advanced analysis
- Remediate high-risk vulnerabilities immediately