Even I am trying to use McAfee FS for detecting web application vulnerabilities.
I scanned a web server by providing "application URL" and credentials which are used to manage that site. But the scan did not detect any vulnerabilities reg web application.
I want to know what kind of credentials can be used to get vulnerabilities reg web application
This is configured under credentials in the scan configuration.
from the online help
Web application credentials
McAfee Vulnerability Manager 7.5 can use credentials to authenticate itself to a Windows, UNIX, or infrastructure host. This allows the FSL scripts to access web applications.
Web application credential details
Select this account type to use domain credentials for accessing web applications within the specified domain.
Type a domain name (e.g. yourdomain.com).
Select this account type to use credentials for a specific server running a web application.
Select this account type to use credentials when either the Web Domain or Web Server credentials do not work.
Web Application URL
Select this account type to use credentials for a specific web application URL.
The Web Application URL field requires a URL (example: http://www.hostname.com). To ensure the credentials are applied to the correct asset, the URL in the Web Application field should match the URL entered on the Targets page of the scan configuration.
Access authentication by using a username and password, where the password is sent unencrypted.
Access authentication by using a username and password, where the password is encrypted.
A Microsoft authentication protocol.
Form based authentication that could include a number of fields and values for authentication.
Certificate authentication, which includes attaching the certificate to the scan configuration.