Scan Profiles & Supported Scanners for Web Applications
Overview
Web Application Security Scanning in DeepTraq helps detect and remediate vulnerabilities across web applications and APIs before they can be exploited by attackers.
DeepTraq provides multiple scanning methods to identify security weaknesses such as OWASP Top Ten vulnerabilities, misconfigurations, exposed services, and software vulnerabilities.
This guide explains how to configure and run a Web Application Security Scan within the DeepTraq platform.
Available Security Scanners
DeepTraq provides multiple scanning options depending on the level of testing required.
Unauthenticated Scan
The Unauthenticated Scan assesses publicly accessible web applications and APIs without requiring login credentials.
This scan focuses on identifying OWASP Top Ten vulnerabilities in publicly exposed endpoints.
Authenticated Scan
The Authenticated Scan performs deeper security testing using valid credentials to access protected areas of your web application.
This scan allows DeepTraq to identify vulnerabilities that are only visible after authentication.
Rapid Web Threat, Misconfig, and CVE Scanner
This scanner performs comprehensive vulnerability detection across:
- Web applications
- Infrastructure components
- Known vulnerabilities (CVEs)
- Security misconfigurations
It is designed for broad security coverage and quick threat identification.
OWASP ZAPI Web and API Scanner
The OWASP ZAPI Scanner actively tests web applications and APIs for both common and advanced vulnerabilities.
It identifies issues such as:
- Injection vulnerabilities
- Cross-site scripting (XSS)
- Security misconfigurations
- Authentication weaknesses
OpenAPI Spec Testing
The OpenAPI Specification Testing option validates API functionality, performance, and security based on your OpenAPI specification.
This ensures that APIs behave securely and as expected according to the defined API schema.