Manage Targets

Target Configuration

Target Configuration helps define how ZeroThreat should interact with your application during scanning. It allows you to control important settings such as scan behaviour, technology context, authentication-related setup, scope controls, request customization, scan scheduling, and profile selection. Configuring these options properly helps improve scan quality, reduce unnecessary issues, and align testing with your application setup and environment.

Configuration

The Configuration section contains core settings that affect how the scanner runs against your target.

Scan Location

Use Scan Location to choose where the scan should run from. Selecting a scan location closer to your application can significantly reduce latency and improve overall scan performance.

This setting is especially useful when your application responds better to traffic originating from a nearby region. It is also essential when your application is only accessible from certain geographic locations, ensuring the scan can reliably reach your application regardless of geo-restrictions.

Target Tag

Use Target Tag to classify your target based on its environment. You can map the target to one of the following tags: Prod, Hotfix, Stage, or Dev. These tags help organize targets and apply behavior that better matches the selected environment.

When the Prod tag is selected, the scanner engine performs non-destructive, production-safe testing to ensure live environments are not disrupted during a scan.

The Prod tag may only be available in certain subscription plans. Refer to the Plans page for plan-specific availability.

Scan Single Tab Session

Some applications, especially those in financial, banking, or high-security environments, are designed to support only a single browser tab session at a time. If a user logs in and then opens the application in another tab, the existing session may expire or become invalidated.

Enabling Scan Single Tab Session tells ZeroThreat to treat the application as a single-tab environment. This ensures the scanner mimics real user behaviour by maintaining a single, consistent session throughout the scan, preventing unexpected session expiration or forced logouts.

Identity Login URL

Use Identity Login URL to define a centralized authentication URL for your target. This is helpful when authentication is handled through a separate identity provider or centralized login endpoint. Providing the identity login URL helps ZeroThreat understand where authentication begins for the application.

The Identity Login URL is the web address of the login page or authentication endpoint that handles sign-in for your application. This is typically a separate URL from the main application, commonly used when authentication is managed through an identity provider such as Okta, Azure AD, or a centralized SSO service.

Technology Stack

The Technology Stack section is used to define the technologies used by your application. Click the dropdown and select all technologies relevant to your target.

Choosing the correct technology stack helps ZeroThreat better understand your application context across multiple areas of the scan. This includes selecting technology-specific CVEs during testing, providing accurate remediation steps tailored to your environment, and generating a more meaningful executive summary for the scan report.

It is important to select only the technologies that actually apply to your application, as incorrect selections may result in irrelevant recommendations or skewed scan results.

Recorded Sequences

The Recorded Sequences section shows all login or browser sequences created for your target. All login steps recorded using the ZeroThreat Chrome Recorder will appear here, where you can view previously created sequences, record new ones, and manage existing ones as needed.

Without recorded sequences, the scanner can only reach publicly accessible parts of your application, leaving areas like user dashboards, admin panels, and protected resources untested and potentially vulnerable. Recorded sequences give the scanner the guided steps it needs to navigate through login flows and reach these protected areas.

Use Descriptive Names with Version Numbers
When naming templates, include version numbers (e.g., "Admin Scan v1.0" or "Login Sequence v2.1"). This practice helps you track and manage templates, ensuring clarity when managing multiple versions.

Sequences created here can be reused across Scan Profiles, which is particularly useful when testing applications that require authentication.

Allow Hosts

Use Allow Hosts to add additional hosts that should be considered part of the scan scope. This is useful when your application communicates with APIs, services, or related systems hosted on different domains or subdomains, such as third-party APIs or authentication services.

Adding these hosts allows the scanner to follow and test those interactions, ensuring that communication between your application and external or internal services is not left out of testing. This results in broader, more complete security coverage across your entire application.

Ignore Hosts

Use Ignore Hosts to exclude specific hosts from being tested during a scan. Any host added here will be completely skipped by the scanner, even if your application actively communicates with it during normal use.

This is useful when your application references external services, third-party domains, or specific subdomains that are outside the intended scope of your assessment. Excluding these hosts keeps the scan focused and ensures results remain relevant to the parts of your application that actually matter.

Request Headers

This setting allows you to add custom headers to HTTP requests made during the scan.

Some applications require specific HTTP headers to interact with the back-end properly, such as authorization tokens, API keys, or content types. This setting ensures that those headers are sent with the requests, allowing the scanner to communicate with the application in the same way a legitimate user or service would.

In addition, adding custom request headers can help differentiate scanner traffic from real user traffic in your logs. For example, you might add a unique header like X-Scanner-User: ZeroThreat to clearly identify requests made by the scanner. This helps in monitoring and troubleshooting by making it easier to distinguish between genuine user activity and automated scans.

Supplying the correct request headers matters: without them, some applications block the scanner or treat it as a bot, which leads to incomplete or invalid scan results.
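
The log-separation idea above, as an added example (not ZeroThreat code): it splits access-log lines into scanner and user traffic by the X-Scanner-User header and flags lines that carry the header from an unexpected source, since any client can set a request header. The log layout, the expected scanner address and the sample lines are assumptions constructed for the example.

```python
import re
from collections import Counter

# Assumed log layout (not from the ZeroThreat docs): the web server appends
# the X-Scanner-User request header as the last quoted field, e.g. nginx:
#   log_format scan '$remote_addr [$time_local] "$request" $status "$http_x_scanner_user"';
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<scanner>[^"]*)"$'
)

# Placeholder: addresses you expect scan traffic from (documentation range).
EXPECTED_SCANNER_IPS = {"203.0.113.10"}
SCANNER_HEADER_VALUE = "ZeroThreat"  # value from the X-Scanner-User example above

# Constructed sample log lines.
SAMPLE_LOG = """\
198.51.100.7 [12/Mar/2025:10:00:01 +0000] "GET /login HTTP/1.1" 200 "-"
203.0.113.10 [12/Mar/2025:10:00:02 +0000] "GET /login HTTP/1.1" 200 "ZeroThreat"
203.0.113.10 [12/Mar/2025:10:00:03 +0000] "POST /api/orders HTTP/1.1" 403 "ZeroThreat"
192.0.2.55 [12/Mar/2025:10:00:04 +0000] "GET /admin HTTP/1.1" 403 "ZeroThreat"
198.51.100.7 [12/Mar/2025:10:00:05 +0000] "GET /dashboard HTTP/1.1" 200 "-"
not a log line
"""

def classify(line):
    """Return 'scanner', 'user', 'spoofed' or 'unparsed' for one log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    if m["scanner"] != SCANNER_HEADER_VALUE:
        return "user"
    # Request headers are client-controlled: trust the tag only from expected sources.
    return "scanner" if m["ip"] in EXPECTED_SCANNER_IPS else "spoofed"

def summarize(log_text):
    """Count lines per class and tally the status codes the scanner received."""
    classes = Counter()
    scanner_statuses = Counter()
    for line in log_text.splitlines():
        label = classify(line)
        classes[label] += 1
        if label == "scanner":
            scanner_statuses[LINE_RE.match(line.strip())["status"]] += 1
    return classes, scanner_statuses

if __name__ == "__main__":
    classes, statuses = summarize(SAMPLE_LOG)
    print(dict(classes), dict(statuses))
```

A high share of 403 or 429 responses in the scanner tally is a sign that the scanner is being blocked and the scan results may be incomplete.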

Use Cookie Request Header to provide cookie values that should be included in requests during scanning. Applications often rely on specific cookies to maintain session state, manage access control, or ensure that requests are processed correctly by the server.

By providing the necessary cookie values here, you ensure the scanner sends requests in a way that closely reflects real user behaviour, reducing the chance of requests being rejected or returning incomplete responses during the scan.

Ignore URIs

Ignore URIs allows you to specify certain parts of your application that should be ignored by the scanner. This is useful when there are areas of your application that you don’t want to be scanned, such as pages that are not relevant to security testing, or areas that are out of scope for your current scan.

For example, you might want to exclude certain administrative pages, user-specific dashboards, or testing environments.

Ignoring non-critical or irrelevant URLs helps speed up the scan and avoids unnecessary scans of low-value endpoints. It also protects sensitive areas from being scanned unnecessarily.

Be Careful When Using Ignore URIs. Make sure to only exclude URLs that are genuinely irrelevant to your scan. Overusing this setting can lead to critical vulnerabilities being missed if important paths are inadvertently ignored.
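
One way to review an ignore list before saving it, as an added example (not ZeroThreat code): it reports which routes from your own inventory each entry would remove from the scan and which of those you have marked sensitive. The prefix-matching rule, the route inventory and the entries are assumptions constructed for the example; the page does not describe how ZeroThreat matches Ignore URIs.

```python
from urllib.parse import urlsplit

# Assumption: an ignore entry excludes the path itself and everything beneath
# it (prefix match on whole path segments). Adjust matches() to the behaviour
# you observe in your own scans.
def matches(ignore_entry, url):
    prefix = urlsplit(ignore_entry).path.rstrip("/") or "/"
    path = urlsplit(url).path.rstrip("/") or "/"
    return prefix == "/" or path == prefix or path.startswith(prefix + "/")

def audit_ignore_list(ignore_entries, route_inventory):
    """Map each ignore entry to the routes it hides and the sensitive ones among them."""
    report = {}
    for entry in ignore_entries:
        hidden = [r for r in route_inventory if matches(entry, r["url"])]
        report[entry] = {
            "excluded": [r["url"] for r in hidden],
            "sensitive": [r["url"] for r in hidden if r["sensitive"]],
        }
    return report

def risky_entries(report):
    """Entries that would leave at least one sensitive route untested."""
    return [entry for entry, hit in report.items() if hit["sensitive"]]

# Constructed route inventory (hypothetical paths); 'sensitive' is your own label.
ROUTES = [
    {"url": "/logout", "sensitive": False},
    {"url": "/admin/health", "sensitive": False},
    {"url": "/admin/users/export", "sensitive": True},
    {"url": "/administrator-guide", "sensitive": False},
    {"url": "/api/v1/payments", "sensitive": True},
]
IGNORE = ["/logout", "/admin"]  # constructed ignore list under review

if __name__ == "__main__":
    result = audit_ignore_list(IGNORE, ROUTES)
    for entry in risky_entries(result):
        print(f"{entry!r} would skip sensitive routes: {result[entry]['sensitive']}")
```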

Schedule Scans

The Schedule Scans section lets you view, manage, and create scan schedules for your targets. Rather than triggering scans manually each time, you can configure them in advance by specifying the target, time zone, day, time, repeat cycle, and scan profile. This ensures scans run automatically on a consistent schedule, with the right settings already in place, reducing manual effort and helping maintain regular security coverage over time.

Only targets that are verified, linked to an active subscription plan, and assigned to you with scan access will be available for scheduling.

Scan Profiles

The Scan Profiles section lets you create and manage profiles that define how scans should run for your target. Each profile captures your preferred scan configuration so it can be reused across future scans and schedules, eliminating the need to reconfigure settings each time.

Each profile stores your scan configuration, including whether the scan runs as authenticated or unauthenticated, the additional test coverage to apply such as tech stack based CVE coverage and prebuilt attack templates, and any other scan options supported by your plan. Together, these settings define the depth, scope, and behaviour of every scan that uses the profile.

This makes Scan Profiles the central place to define how your application will be tested before scans are executed or scheduled.

Browser HTTP Authentication

Use Browser HTTP Authentication to provide credentials for web applications protected by standard browser-level HTTP authentication schemes, such as Basic HTTP Authentication. Once saved, ZeroThreat will automatically use these credentials first to access the protected application.

This setting applies to browser-level authentication only and is separate from your application's own login flow, such as a login form or other in-app authentication methods.

Configured your target? Now head over to Quick Scan Guide to start your scan.