1 Reply Latest reply: May 13, 2013 4:56 PM by cgrim RSS

    Vulnerability Manager Web Scan


      Hi, we currently evaluating the VA web scan and we are having problem on how to perform the web scan.

      gone through the product guide but no much information on how to configure the scan settings.

      can someone share his experience how he configure the scan and what information is gathered to perform the scan.


        • 1. Re: Vulnerability Manager Web Scan

          Hi D,


          The Product Guide doesn't have much to go on, but the in-product help (click on the "?" in the specific section in the product) does explain each of the fields.  The diversity of all the different options for every website make it very hard to have a very comprehensive guide.


          It really depends on what you're trying to scan.  Does your Website require you to log in?  What sort of credentials do you need?  FORM based, or NTLM etc. (configured in the Credentials /  Web Application URL section) 


          Increasing the WebModule logging by adding the following registry  tweak:




          DWORD value "3"


          Restart ScanEngine Service.  Configure and scan...  after the scan you will have additional logs:

          fsa_<job string>.log

          They will show everything like the Request<>Response, and you can tell what our webmodule sends and what the website comes back with.  This helps in debugging and might give you some clues, if you're still stumped and need some help configuring the scan,  then it will be needed when you open a Service Request anyway.


          I hope that helps!