AppCheck is a powerful tool and may seem overwhelming to new users. However, setting up scans is a fairly simple process, which we will guide you through with the various tutorials in this section.
Determine the Type of Scan
The first consideration when creating a scan is the scan target: is it a web application, an item of infrastructure, or an API?
It is common to combine multiple types of scan as a way of adding extra value - your web application scan may also include a small infrastructure scan, your infrastructure scan may include small web application scans found on the scanned infrastructure, and you may choose to scan a front-end application and an API together. At this point, consider the main target of your scan.
Types of Scan Target
Web Application
A web application scan target will always take the form of a URL, and will always be accessed over HTTP or HTTPS. http://example.com and https://www.example.com are web application scan targets. To scan these, we would create a Web Application Scan.
Infrastructure
example.com is not a URL; it is simply a fully qualified domain name. It identifies a server rather than a web application, and as such would be an infrastructure scan target. IP address ranges such as 192.0.2.0–192.0.2.255 or 203.0.113.0/24 are also infrastructure scan targets. To scan these, we would create one or more infrastructure scans.
ftp://example.com/ is a URL, but it does not use HTTP or HTTPS, and so is not a valid target and cannot be scanned. However, the host example.com could be scanned in an infrastructure scan and vulnerabilities may be detected in the FTP server.
API
API targets are URLs, and as such can be considered a subset of web application scan targets. https://api.example.com/v1/swagger.json is an API scan target. APIs can be scanned alone, using an API scan, or alongside a front-end application as a Single-Page Application scan (even if they are not strictly single-page applications).
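The rules above can be applied to an asset list before any scans are created. The following is an added example, not AppCheck code, and it calls no AppCheck API; the scan-type labels it returns and the list of API definition file names are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption (not from the article): paths ending in these names are API definitions.
API_DEFINITION_SUFFIXES = ("swagger.json", "openapi.json", "openapi.yaml")
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def _is_ip_target(text):
    """True for a single IP address, a CIDR block, or a start-end address range."""
    parts = re.split(r"\s*[-–]\s*", text)  # accepts a hyphen or an en dash between addresses
    try:
        if len(parts) == 2:
            start, end = (ipaddress.ip_address(p) for p in parts)
            return start.version == end.version and start <= end
        ipaddress.ip_network(text, strict=False)
        return True
    except ValueError:
        return False

def classify_target(target):
    """Return (scan_type, note) for one entry; the labels are hypothetical."""
    target = target.strip()
    if "://" in target:
        url = urlsplit(target)
        if not url.hostname:
            return ("invalid", "URL has no host")
        if url.scheme.lower() not in ("http", "https"):
            # A non-HTTP(S) URL is not scannable, but its host still is.
            return ("invalid", f"not HTTP(S); host {url.hostname} can go in an infrastructure scan")
        if url.path.lower().endswith(API_DEFINITION_SUFFIXES):
            return ("api", "API definition URL")
        return ("web_application", "HTTP(S) URL")
    if _is_ip_target(target):
        return ("infrastructure", "IP address or range")
    if HOSTNAME_RE.match(target):
        return ("infrastructure", "domain name without a scheme")
    return ("invalid", "not a URL, domain name or IP range")

if __name__ == "__main__":
    # Constructed sample list using the targets named in this article.
    for entry in ["https://www.example.com", "example.com", "203.0.113.0/24",
                  "ftp://example.com/", "https://api.example.com/v1/swagger.json"]:
        print(entry, "->", classify_target(entry))
```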
Next
Once you have determined the type of scan you need, open the Creating Scans subsection on the left to learn how to create it.