Scan Policy Editor

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

The Invicti Scan Policy Editor can be used to fine-tune web application security scans so that they take less time to complete, consume less bandwidth, and produce more accurate scan results. Using the Scan Policy Editor, you can modify existing Scan Policies or create new ones, and specify at a granular level, across every vulnerability category, which security tests should run:

• For example, it is possible to enable or disable specific cross-site scripting vulnerability variants (rather than enabling every single one, as before)
• The same applies to all other vulnerability categories, such as SQL Injection

The Scan Policy Editor also allows us to ship extra signatures in the near future. For example, there will be signatures to bypass certain WAFs (web application firewalls); if you are using a WAF, you can customize your policy and enable those extra checks. If you are not, your scan will not generate extra requests, since the security tests for web application firewalls will be disabled.

Automatic Optimization

When possible, Invicti will also automatically optimize the active configuration on the fly for these extra signatures, according to the target website.

In Invicti Standard, this is achieved by the Invicti Assistant feature.

For further information, see Configuring Scan Policies.

