Web Scan Profiles
Ostorlab offers specialized scan profiles designed to assess the security of your web applications and APIs. These profiles utilize advanced techniques to uncover vulnerabilities, configuration weaknesses, and potential data exposures.
Web App Scan
The Web App Scan profile provides a comprehensive security assessment for your web applications. It simulates user interactions and attacker techniques to identify vulnerabilities in the application's frontend, backend, and supporting infrastructure.
Overview and Capabilities
- Application Discovery and Mapping:
  - Automatically explores the web application by navigating pages, following links, and submitting forms.
  - Identifies the structure of the application, including discovered pages, resources, and interactive elements.
- Technology Identification:
  - Identifies the technologies used to build and run the web application, such as programming languages, frameworks, web servers, and content management systems.
- Dynamic Security Testing:
  - Actively tests the application for common web vulnerabilities.
  - Identifies client-side vulnerabilities such as Cross-Site Scripting (XSS).
  - Checks backend systems for weaknesses such as SQL Injection, Command Injection, and insecure server configurations.
  - Attempts to bypass security controls and access restricted areas or functionalities.
- Server and Infrastructure Analysis:
  - Scans the web server and associated infrastructure for thousands of known vulnerabilities (CVEs) and common misconfigurations.
  - Checks the security of the web server's SSL/TLS setup, looking for weak protocols, certificate issues, and configuration flaws.
  - Evaluates server security settings against recognized industry best practices.
- Sensitive Data Exposure Checks:
  - Scans the application and its accessible resources for accidentally exposed sensitive information, such as API keys, passwords, or private credentials.
- Third-Party Component Analysis:
  - Identifies third-party libraries and software components used within the application.
  - Checks these components against databases of known vulnerabilities to detect risks inherited from external dependencies.
- Domain and Infrastructure Security Checks:
  - Analyzes Domain Name System (DNS) settings for potential security misconfigurations.
  - Checks subdomains for risks, such as potential takeovers.
  - Assesses the reputation of the domain and associated IP addresses using security intelligence sources.
This profile delivers an in-depth security assessment of a specific web application. It combines automated interaction and mapping, dynamic testing against common web vulnerabilities (like XSS and SQL Injection), analysis of server configurations, and checks for vulnerable dependencies to provide a comprehensive view of the application's security posture.
Web API Scan
The Web API Scan profile is specifically tailored for testing the security of Application Programming Interfaces (APIs), which applications use to communicate and exchange data (e.g., REST, GraphQL APIs). It focuses on vulnerabilities unique to API implementations, authentication, authorization, and the backend systems powering them.
Overview and Capabilities
- API Endpoint Discovery and Analysis:
  - Automatically discovers API endpoints by analyzing common API definition files (such as OpenAPI/Swagger and WSDL) and exploring potential API paths.
  - Performs specialized analysis for GraphQL APIs to identify common security issues related to schema exposure, query complexity, and access control.
- API Vulnerability Testing:
  - Tests for common API vulnerabilities, including insecure data handling, authentication flaws, authorization bypasses, injection attacks (e.g., SQL Injection), error handling issues, and other security weaknesses.
- Server and Infrastructure Analysis:
  - Scans the servers hosting the API and related infrastructure for known vulnerabilities (CVEs) and common misconfigurations.
  - Checks the security of the API endpoints' SSL/TLS setup for weaknesses and configuration errors.
- Sensitive Data Exposure Checks:
  - Analyzes API responses and related resources for inadvertently exposed sensitive information such as API keys, internal system details, or user data.
- Third-Party Component Analysis:
  - Identifies third-party libraries and software components used within the API implementation or its environment.
  - Checks these components against databases of known vulnerabilities.
- Domain and Infrastructure Security Checks:
  - Analyzes Domain Name System (DNS) settings for the API's domain for potential security misconfigurations.
  - Checks subdomains associated with the API for risks, such as potential takeovers.
  - Assesses the reputation of the domain and associated IP addresses used by the API using security intelligence sources.
This profile provides targeted security testing specifically for APIs (REST, GraphQL, etc.). It focuses on discovering API endpoints, testing for common API vulnerabilities like authentication/authorization issues and injection flaws, analyzing supporting infrastructure, and checking for data exposure unique to API interactions.
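As an added illustration of two of the checks listed above (endpoint discovery from an OpenAPI definition, and sensitive-data exposure in API responses), the script below audits a small constructed OpenAPI 3 document: it enumerates every operation, flags the ones whose effective `security` requirement is empty (unauthenticated), and walks the documented example responses for credential-shaped strings. This is example code written for this page, not Ostorlab's scanner; the specification, the `AKIA…` sample value and the secret patterns are all constructed assumptions.

```python
"""Audit an OpenAPI document for unauthenticated operations and for
credential-like strings leaking through documented example responses.

Added example (not Ostorlab code). The spec and patterns are assumptions.
"""
import json
import re

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head"}

# Constructed OpenAPI 3 document used as sample input.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],  # document-wide default requirement
    "paths": {
        "/users/{id}": {
            "get": {"operationId": "getUser"},  # inherits bearerAuth
            "delete": {"operationId": "deleteUser", "security": []},  # opts out
        },
        "/health": {
            "get": {"operationId": "health", "security": []},
        },
        "/config": {
            "get": {
                "operationId": "getConfig",
                "responses": {"200": {"content": {"application/json": {
                    "example": {"region": "eu-west-1",
                                # constructed placeholder, not a real key
                                "aws_key": "AKIAEXAMPLEEXAMPLE00"}}}}},
            },
        },
    },
}

# Credential-shaped patterns (assumed, deliberately conservative).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
}


def enumerate_operations(spec):
    """Return (METHOD, path, operation) for every operation in the spec."""
    ops = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() in HTTP_METHODS:
                ops.append((method.upper(), path, op))
    return ops


def unauthenticated_operations(spec):
    """Operations whose effective security requirement is empty.

    An operation-level `security` overrides the document default, and an
    explicit `[]` means the operation requires no authentication at all.
    """
    default = spec.get("security", [])
    exposed = []
    for method, path, op in enumerate_operations(spec):
        effective = op.get("security", default)
        if not effective:
            exposed.append(f"{method} {path}")
    return sorted(exposed)


def find_secrets(obj, where="$"):
    """Walk any JSON-like value and report (pattern_name, json_path) hits."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            hits += find_secrets(value, f"{where}.{key}")
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            hits += find_secrets(value, f"{where}[{index}]")
    elif isinstance(obj, str):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(obj):
                hits.append((name, where))
    return hits


def audit(spec):
    """Run both checks and return a single report dict."""
    return {
        "unauthenticated": unauthenticated_operations(spec),
        "exposed_secrets": find_secrets(spec.get("paths", {}), "$.paths"),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SPEC), indent=2))
```

On the sample document the report lists `DELETE /users/{id}` and `GET /health` as unauthenticated (the first because the operation explicitly overrides the document default with `security: []`) and one exposed secret under the `/config` example response. Against a real definition the same two functions give a reviewer a quick list of operations to confirm are intentionally public, and a reason to scrub published examples before the spec is served to clients.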
Web Deep Agentic Scan (New)
Web Deep Agentic Scan provides AI-powered penetration testing that uncovers complex logical flaws, chains multiple vulnerabilities into sophisticated attack paths, and validates findings through proof-of-concept exploits to confirm real-world impact on your web applications.
Overview and Capabilities
- Exploitability-First Validation:
  - Focuses on issues that can be demonstrated under realistic web application conditions.
  - Validates findings with concrete attack evidence before prioritization.
- Advanced Workflow and Business Logic Testing:
  - Tests high-risk business workflows such as signup, checkout, account recovery, and refund flows.
  - Identifies multi-step logic flaws that are often missed by traditional profile-based testing.
- Authorization and API Abuse Analysis:
  - Assesses broken access control patterns across web and API surfaces.
  - Evaluates abuse scenarios such as workflow bypasses, replay patterns, and privilege escalation paths.
- Cross-Surface Attack Chaining:
  - Correlates weaknesses across web applications, backend APIs, and third-party integrations.
  - Chains vulnerabilities to expose true business impact and attack feasibility.
- Proof-Grade Reporting and Retesting:
  - Delivers reproducible evidence, including request/response logs, screenshots, and step-by-step reproduction.
  - Supports remediation verification by retesting after fixes are released.
- BYOK and Scan Guardrails:
  - Supports Bring Your Own Key (BYOK) model selection for AI-driven scan execution.
  - Enables spend control strategies (for example, maximum-spend guardrails) for predictable deep scans.
Web Deep Agentic Scan is built for critical releases, complex web applications, and high-risk changes where exploitability matters more than raw alert volume. It helps teams move faster with validated findings and lower false-positive noise.