Your First Scan
Launch your first security assessment and understand the results.
Creating a Scan
From your dashboard, click New Scan and configure:
Target URL
The base URL of your application (e.g., https://app.example.com)
Scan Profile
- Quick: 5-10 minutes, surface-level checks
- Standard: 30-60 minutes, comprehensive testing
- Deep: 2-4 hours, exhaustive analysis
Scope
Define which paths to include or exclude from testing
Scan Phases
Every scan progresses through these phases:
1. Discovery: Crawling and mapping your application's attack surface
2. Analysis: Identifying potential vulnerability patterns and inputs
3. Attack: Executing safe payloads to confirm vulnerabilities
4. Reporting: Generating findings with remediation guidance
Understanding Results
Each finding includes detailed information:
- Severity: Critical, High, Medium, or Low based on impact and exploitability
- Description: What the vulnerability is and why it matters
- Location: Exact URL, parameter, or code path affected
- Evidence: Proof of concept or request/response data
- Remediation: Step-by-step fix instructions
- References: Links to CWE, OWASP, and other resources
Next Steps
After your first scan:
- Review and triage findings by severity
- Create GitHub Issues for tracking
- Fix vulnerabilities starting with Critical/High
- Re-scan to verify fixes
- Set up scheduled scans for continuous monitoring