How does scanmeter work?
scanmeter is a feature-rich, extendable, high-performance cyber security assessment platform aimed at helping security managers, developers, penetration testers and administrators assess the security of complex IT landscapes (e.g., systems, web applications or source code).
Behind its simple user interface, scanmeter orchestrates a curated combination of today's available security testing tools (a best-of-breed approach). The tools are tuned to crawl and attack different types of targets together, so that security flaws or exploitable vulnerabilities which a single tool might miss on its own are identified.
What kind of methodologies does scanmeter use to perform a cyber security assessment?
scanmeter combines dynamic (DAST), static (SAST) and interactive (IAST) security testing approaches to provide the best possible coverage, uniting the best available tools from both the open-source community and the commercial market.
What kind of security testing profile does scanmeter support?
scanmeter provides three profiles for a security assessment: safe, standard and exhaustive. The safe scan includes only non-invasive security tests (e.g., passive checks such as inspecting HTTP response headers, JavaScript or security misconfigurations), whereas the standard and exhaustive scans also perform invasive security tests (e.g., active scanning such as fuzzing for SQL injection (SQLi) or Cross-Site Scripting (XSS) vulnerabilities). Because invasive tests send real attack payloads, they can alter application state; run the standard and exhaustive profiles only against targets you are authorised to attack and that do not hold live production data.
How can the scope within a web application target be defined?
The scope is defined by the URL provided by the user. If the URL is, for example, https://www.scanmeter.io/app/, everything at or below that path on the same host is within scope:
- In scope
  - https://www.scanmeter.io/app?param=test
  - https://www.scanmeter.io/app/test.html
- Out of scope
  - https://scanmeter.io/ (different host)
  - https://www.scanmeter.io/nope/ (sibling path, not below /app/)
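The following is an added illustration of the scope rule described above; it is not scanmeter's own code and does not claim to match its implementation. It assumes that scheme and host must match the base URL exactly (host compared case-insensitively) and that the path must be the base directory itself or lie below it. The `in_scope` function name and the sample URLs other than those listed above are constructed for this example.

```python
from urllib.parse import urlsplit

# Added example modelling the scope rule as stated on this page (not scanmeter's code).
# Assumption: scheme and host must match the base URL; the path must be the base
# directory itself (with or without trailing slash, any query string) or lie below it.


def in_scope(base_url: str, candidate: str) -> bool:
    """Return True if `candidate` falls within the scope defined by `base_url`."""
    base = urlsplit(base_url)
    cand = urlsplit(candidate)

    # Scheme and host must match; "scanmeter.io" is a different host from
    # "www.scanmeter.io" and is therefore out of scope.
    if base.scheme.lower() != cand.scheme.lower():
        return False
    if base.netloc.lower() != cand.netloc.lower():
        return False

    # Normalise the base path to a directory prefix that ends in "/".
    base_path = base.path if base.path.endswith("/") else base.path + "/"
    # The directory itself, without the trailing slash ("/" stays "/").
    root = base_path.rstrip("/") or "/"
    # An empty candidate path (e.g. "https://host") means the site root.
    cand_path = cand.path or "/"

    # The directory itself is in scope (the query string is irrelevant), as is
    # anything below it. The prefix check deliberately includes the trailing
    # slash: without it, a sibling such as "/appendix" would wrongly match "/app".
    return cand_path == root or cand_path.startswith(base_path)


def classify(base_url: str, candidates: list[str]) -> dict[str, bool]:
    """Map each candidate URL to its in-scope verdict for the given base URL."""
    return {url: in_scope(base_url, url) for url in candidates}


if __name__ == "__main__":
    # Constructed sample input: the page's own examples plus a sibling-path edge case.
    base = "https://www.scanmeter.io/app/"
    samples = [
        "https://www.scanmeter.io/app?param=test",
        "https://www.scanmeter.io/app/test.html",
        "https://scanmeter.io/",
        "https://www.scanmeter.io/nope/",
        "https://www.scanmeter.io/appendix",
    ]
    for url, verdict in classify(base, samples).items():
        print(f"{'in scope     ' if verdict else 'out of scope '} {url}")
```

The sibling-path case (`/appendix` against a base of `/app/`) is the one to check when you write your own scope filter: a naive string-prefix comparison on the path without the trailing slash would let a scanner wander into a neighbouring application that was never in scope.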
Does scanmeter include a proof-of-concept exploit for a particular finding?
Yes, it does. Since scanmeter follows a best-of-breed approach, a target is scanned by a curated combination of multiple security testing tools in parallel. If a vulnerability is found by several tools, the finding is normalized and deduplicated, while the proof-of-concepts and payloads produced by each tool are kept. This gives scanmeter the advantage of providing multiple proof-of-concepts and payloads with which to reproduce a vulnerability.
Does scanmeter include a recommendation?
Yes, it does. The recommendation for each vulnerability category can also be customized if required.