Web Scan Profiles

Ostorlab offers specialized scan profiles designed to assess the security of your web applications and APIs. These profiles utilize advanced techniques to uncover vulnerabilities, configuration weaknesses, and potential data exposures.

Full Web Scan

A comprehensive security assessment covering the entire web application stack, including frontend, backend, and APIs.

Key Features

Automated deep crawling & session-aware navigation.
Advanced Injection detection (SQLi, NoSQLi, Command Injection).
Cross-Site Scripting (XSS) & Local/Remote File Inclusion (LFI/RFI).
XML External Entity (XXE) & Server-Side Template Injection (SSTI).
Software Composition Analysis (SCA) for vulnerable dependencies.

Web Exhaustive Scan

An expansive external posture assessment designed to identify all reachable web assets and common misconfigurations.

Key Features

Subdomain enumeration & virtual host discovery.
Nuclei-powered template scanning for thousands of CVEs.
Specialized WordPress & CMS security auditing.
Publicly exposed sensitive file discovery (e.g., .env, .git).
Rapid identification of low-hanging fruit and high-impact exposures.

Web Deep Agentic Scan

An AI-powered, autonomous pentesting profile that goes beyond pattern matching to discover complex logic flaws.

Key Features

Autonomous vulnerability chaining (e.g., SSRF to RCE).
Business logic flaw identification & exploitation.
Automated Proof-of-Concept (PoC) exploit generation.
Context-aware attack path exploration using Large Language Models.
Dynamic validation of sophisticated security bypasses.

Web Single Vulnerability Assessment

A targeted validation profile used to confirm the existence and exploitability of a specific reported risk.

Key Features

Targeted vulnerability validation and re-testing.
Manual-like precision in confirming exploitable entry points.
Actionable risk insights with verified impact analysis.
Streamlined verification for remediation tracking.