
Scan Navigation Sequence Only

The Navigation Sequence Only Scan in ZeroThreat allows you to scan specific sections or functionalities without scanning the entire site. By recording your navigation through selected areas, this feature ensures that only the pages you visit are scanned, providing a targeted security assessment.


How to Perform a Navigation Sequence Only Scan?

Before You Start
Ensure the latest version of the ZeroThreat Chrome Recorder Extension is installed on your browser.

1. Select Your Target

From the ZeroThreat dashboard, click Scan the Target and choose the web application you wish to scan. Next, change the scanning server if required.

[Figure: Scan The Target]

2. Under the Authenticated Scan Section

Now, under Scan Method, click the Start New Authenticated Scan button. This will launch your target web application in a new tab, along with the ZeroThreat Recorder Chrome window.

[Figure: Dashboard]

Minimize the Recorder Window
You can minimize the Recorder window, but keep it open throughout the process.

Visit Troubleshooting: Extension Not Opening if the extension doesn't open automatically in a new tab along with the target.

3. Configure the Recorder

Once the extension is loaded, start by clicking on the Stored Sequence Authentication button. This feature allows ZeroThreat to store and replay your authentication details, making it ideal for scheduled scans and DevOps automation.

[Figure: Choose Scan Authentication Method]

Next, you’ll have two options: Full Scan or Scan Navigation Sequence Only. A Full Scan covers the entire web application, while a Scan Navigation Sequence Only scan focuses solely on the pages you visit during recording.

[Figure: Choose Scan type]

Click the Start Recording button to begin recording. The ZeroThreat Recorder will capture all your actions as you interact with the application.

[Figure: Sequence Recording Started]

4. Log In and Navigate the Target Application

As the recording begins, log in to the target application using your credentials.

[Figure: Login to the target application]

After logging in, navigate through the specific sections or functionalities you want to scan. The Recorder will track these interactions, ensuring the scan is limited to only the visited pages; it won’t crawl or test beyond what you navigate. For our example, we will scan the Course List section and visit all the pages and functionalities related to it.

[Figure: Visiting Course List]

Avoid unnecessary actions to keep the recording focused on the intended areas.

When you’ve finished navigating the desired sections (in our example, the Course List functionality), click Stop Recording to stop the recording. You’ll see an overview of your recorded sequence.

5. Configure the Template Information

After stopping, an overview and configuration for the template will open.

[Figure: Review Recorded Template Information]

Here, configure the following:

  • Name the Template: Assign a meaningful name to your recording for easy reference later.
    [Figure: Authentication Sequence Name]

  • Choose the Content Rendering Type: Select whether the application uses server-side rendering (e.g., WordPress, PHP, ASP.NET) or client-side rendering (e.g., Angular, React, Vue).
    [Figure: Rendering Engine Type]

  • Optionally, exclude certain hosts from being scanned. This is useful for skipping hosts with sensitive data or third-party integrations.
    [Figure: Allowed Hosts]

6. Review and Start the Scan

After reviewing the recording information, you will have two options.

[Figure: Save template]

  • Click Save and Exit to store the recording sequence for later use.
  • Click Save and Start Scan to launch the scan immediately using your selected scan server.

7. Monitor the Scan

The scan will start immediately, and you can track its progress and view results in the Scans section or Recent Scans section in the ZeroThreat portal.

[Figure: Recent Scans]


Tips & Cautions

  • Focused Navigation: Only navigate the sections you want scanned. Unnecessary actions may include unintended pages in the recording.
  • Host Exclusion: Use the exclude hosts feature to avoid scanning sensitive or third-party resources unintentionally.

Need help understanding your scan results? Visit the Scan Results section for detailed guidance.