Web Deep Agentic Scan

The Web Deep Agentic Scan provides AI-powered penetration testing that uncovers complex logical flaws, chains multiple vulnerabilities into sophisticated attack paths, and validates findings through proof-of-concept exploits to confirm real-world impact on your web applications.

To create a Web Deep Agentic Scan:

1. Click the "Hamburger" menu icon.

2. Click on "Scanning".

3. Navigate to the scan page by clicking "New Scan".

4. Enter a name for your scan in the "Title" field. This field is optional.

5. Select either "Web App" or "Web API".

6. Specify the target URLs / domains. Click "Continue".

7. Select "Web Deep Agentic Scan" as the scan type. At this point, you can create the scan by clicking "Submit" or you can choose to provide specific instructions for the Deep Scan to focus on particular areas of the web application. To do this, click on "Continue".

8. Select one of your configured ""AI Provider" API keys for this Agentic Deep Scan scan, or create a new one "ADD API KEY".

9. Select or add new test credentials to enable the Agentic Deep Scan to perform authenticated testing. After selecting or adding the desired credentials, click on "Continue".

10. Optionally provide SBOM or lock files for extended dependency detection. Click "Continue".

11. Prompts allow you to guide the Deep Scan on what to test. You can select from existing prompts or create your own by clicking on "+ Prompt". After selecting or adding the desired prompts, click on "Continue".

12. You can configure advanced settings like the Queries Per Second (QPS), Proxy, and Filter URL regex (allows you to exclude specific URLs from being scanned). Click on "Submit" to start the scan.

13. Click on "Show" to see the scan.

This tutorial demonstrated how to create a Web Deep Agentic Scan for Web Apps and APIs.