Scope Settings in WAS Scans
Configure Scope settings to specify the URLs and file types that you want to include in or exclude from your scan.
You can configure Scope settings when you create a scan or user-defined scan template and select the Overview or Scan template type. For more information, see Scan Templates.
Tip: If you want to save your settings configurations and apply them to other scans, you can create and configure a user-defined scan template.
The Scope settings include the following sections:
Selenium scripts you want to add to your scan to enable the scanner to analyze pages with complex access logic.
Hyperlink that allows you to add one or more recorded Selenium script files to your scan.
Your script must be added as a .side file.
The specification file for the RESTful API that you want to scan. The file should be OpenAPI Specification (v2 or v3) compliant and represented in either JSON or YAML format.
|Add File||Hyperlink that allows you to add one or more OpenAPI (v2 or v3) specification files. The specification files should be represented in either JSON or YAML format.|
The URLs you want the scanner to include, along with how you want the scanner to crawl them.
|List of URLs||none||
A list of any URLs you want to ensure the scanner analyzes, in addition to the target URL you specified in the Basic settings.
Type each URL as an absolute URL.
Type each URL on a separate line.
Note: All URLs should have the same domain and wildcards are not allowed.
|Specify how the scanner handles URLs found during the application crawl||Crawl all URLs detected||
Specifies the limits you want the scanner to adhere to as it crawls URLs.
Select one of the following:
The attributes of URLs you want the scanner to exclude from your scan.
|Regex for Excluded URLs||logout||
Text box option in which you can specify a regex pattern that the scanner can look for in URLs to exclude from the scan. You can specify multiple regex patterns separated by new lines.
Note: The regex values should be values contained within the URL to be excluded. For example, in the URL http://www.example.com/blog/today.htm, valid regex vlaues would be blog or today (not the full URL). Additionally, regex values are case-sensitive.
|File Extensions to Exclude||js, css, png, jpeg, gif, pdf, csv, svn-base, svg, jpg, ico||
Text box option in which you can specify the file types you want the scanner to exclude from the scan.
Separate each file type with a comma.
|Decompose Paths||not selected||
Check box option that allows you to specify whether you want the scanner to break down each URL identified during the scan into additional URLs, based on directory path level.
For example, if you specify www.example.com/dir1/dir2/dir3 as your target and select Decompose Paths, the scanner analyzes each of the following as separate URLs of the target:
Select this option to increase the surface coverage of your web application scan.
Note: Scans that include path decomposition can take longer to complete than scans that do not.