Target Configuration

Configuration

This setting specifies the server location for the scanner.

Choosing the right scanner location is one of the first things to consider. The server where the scanner runs should ideally be as close as possible to your target application. This reduces network latency, speeds up the scan, and minimizes disruptions that could affect the quality of the results. The closer the scanner server is to your target host, the more reliable and faster your scan will be.

Technology Stack

This setting defines the technologies used in your application.

The technology stack setting allows you to select both the front-end and back-end technologies used in your application, such as PHP, Java, Python, ASP.NET, etc. For instance, if your application is built using PHP for the back-end and React for the front-end, selecting these technologies will help the scanner in multiple ways. This primarily enables ZeroThreat AI to tailors its remediation steps to the underlying techstack.

Different technologies have different security challenges and vulnerabilities. ZeroThreat AI can use this to provide the most relevant remediation steps.

Authentication Template

This setting enables you to manage and create login sequences.

All the login steps recorded by ZeroThreat Chrome Recorder, will show up here. Here you can record new login sequences, ensuring the scanner has the necessary access to these restricted areas. Without this, traditional scanners won’t be able to scan these parts of your app like user dashboards, admin panels, and protected resources, leaving potential vulnerabilities undiscovered.

Allow Hosts

This setting enables you to add external hosts that your application communicates with.

Allow Hosts lets you specify external or internal hosts, APIs, and services that are part of your application but hosted on different domains. For example, if your app communicates with third-party APIs or authentication services, you’ll want to add those hosts to the scan scope. This ensures the scanner will test all the necessary interactions between your application and other external services, giving you a more complete security assessment.

Omitting these from the scan could leave vulnerabilities in these external components unchecked, which could compromise your entire application.

Request Headers

This setting allows you to add custom headers to HTTP requests made during the scan.

Some applications require specific HTTP headers to interact with the back-end properly, such as authorization tokens, API keys, or content types. This setting ensures that those headers are sent with the requests, allowing the scanner to communicate with the application in the same way a legitimate user or service would.

In addition, adding custom request headers can help differentiate scanner traffic from real user traffic in your logs. For example, you might add a unique header like X-Scanner-User: ZeroThreat to clearly identify requests made by the scanner. This helps in monitoring and troubleshooting by making it easier to distinguish between genuine user activity and automated scans.

Adding the correct request headers can be important because in some scenarios failing to do so may cause the scanner to be blocked or treated as a bot, leading to incomplete or invalid scan results.

Ignore URIs

This setting allows you to exclude specific URIs from the scan.

Ignore URIs allows you to specify certain parts of your application that should be ignored by the scanner. This is useful when there are areas of your application that you don’t want to be scanned, such as pages that are not relevant to security testing, or areas that are out of scope for your current scan.

For example, you might want to exclude certain administrative pages, user-specific dashboards, or testing environments.

Ignoring non-critical or irrelevant URLs helps speed up the scan and avoids unnecessary scans of low-value endpoints. It also protects sensitive areas from being scanned unnecessarily.

Configured your target? Now head over to Quick Scan Guide to start your scan.