AppCheck operates a number of "pre-defined" scan profiles that customers can select using Scan -> New Scan in the scan portal.
It is possible to define a completely custom scan configuration using Scan -> New Scan Advanced instead, but the advantage of using a pre-defined scan profile configuration is that it has been tweaked for the most common scan scenarios. There are a large number of pre-defined scan configurations available. Two of the most common are Standard Scan and Penetration Test. Customers sometimes want to know exactly what differences these have.
The basic summary is that a penetration test is more thorough and has less assurance around not causing certain types of issues such as high volumes of emails potentially being sent from targeted "contact us" forms on webpage..
A penetration test profile scan is also more intensive and will take longer and check a wider range of vulnerabilities and configurations, including some potentially dangerous testing.
The more detailed differences are that the Penetration test, in contrast to a Standard Scan:
- Scans all paths found (Standard is more limited and provides more de-duplication in producing logical map)
- Performs a port scan of all ports for infra targets, including OS fingerprinting. This is incredibly intensive and takes a considerable amount of time
- Does not avoid scanning contact forms so could potentially be more dangerous/cause email spam
- Includes experimental checks
- Includes API WSDL file discovery
- Includes almost all Plugins enabled, including more esoteric ones, whereas Standard has the "most common" and does not test outliers/unusual stuff
The absolute difference between the two can be examined in more detail if needed by defining two scans, one using each scan profile, and comparing every single setting manually.