INFO: Version 14.x
Module type:

Security spider

With the new Security Spider, projects can be scanned and checked for XSS vulnerabilities, for example. This tool is particularly interesting for quickly testing your own applications in customer projects, as it automatically recognizes the parameters used and searches for vulnerabilities.


Operation

The security spider scans the specified directory.

'Domain':

In this field ...

'Scan starting from':

In this field, you can use the right selection arrow to select the file from which the scan should start.
Example:
/en/index.php

'Within from':

In this field, you can use the right selection arrow to select the directory within which the scan should take place.
Example:
/en

'Progress':

The progress is displayed in this field during the scan.
A legend below the field explains the corresponding meanings.

'Simulation':

This field shows the possible effects of simulations during the scan.

Function bar

'Start':

Click on this button to start the scan.

'Stop':

Click on this button to stop the scan. Please note that the scan does not end immediately, but can run through a few more pages. Restarting the scan will then start from the beginning again.

'Close':

Closes the current window.

The security spider behaves like a search bot/spider and requests the pages via GET. It checks different scenarios for the URL parameters that may be passed.
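The behaviour described above, sketched as an added example (not the product's own code): a crawl that starts at the 'Scan starting from' file, stays inside the 'Within from' directory, and sends one GET per discovered URL parameter to see whether an inert marker is returned without HTML encoding. The sample site, the marker and all function names are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urljoin, urlsplit

MARKER = "<spider-probe-7f3a>"  # inert, tag-shaped test string (constructed)

# Constructed sample site: path -> function(params) -> HTML body.
SITE = {
    "/en/index.php": lambda q: '<a href="/en/search.php?q=test">Search</a>'
                               '<a href="/de/index.php">DE</a>',
    # Defect: q is echoed without HTML encoding.
    "/en/search.php": lambda q: "<p>Results for " + q.get("q", "") + "</p>"
                                '<a href="news.php?id=1">News</a>',
    # Correct: id is HTML-encoded before output.
    "/en/news.php": lambda q: "<p>Article " + html.escape(q.get("id", "")) + "</p>",
}

class LinkParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def fetch(url):
    """Stand-in for an HTTP GET; serves the constructed SITE offline."""
    parts = urlsplit(url)
    handler = SITE.get(parts.path)
    return handler(dict(parse_qsl(parts.query))) if handler else ""

def scan(start, within):
    """Crawl from `start` inside `within`; return (findings, visited paths)."""
    prefix = within.rstrip("/") + "/"
    queue, seen, findings = [start], set(), set()
    while queue:
        url = queue.pop()
        parts = urlsplit(url)
        names = tuple(sorted(k for k, _ in parse_qsl(parts.query)))
        if (parts.path, names) in seen or not parts.path.startswith(prefix):
            continue
        seen.add((parts.path, names))
        for name in names:  # one GET per discovered parameter
            probe = parts.path + "?" + urlencode({name: MARKER})
            if MARKER in fetch(probe):  # came back unencoded
                findings.add((parts.path, name))
        parser = LinkParser()
        parser.feed(fetch(url))
        queue += [urljoin(url, h) for h in parser.hrefs]
    return findings, {path for path, _ in seen}
```

Calling `scan("/en/index.php", "/en")` on the constructed site reports the `q` parameter of `/en/search.php` and never requests `/de/index.php`, which lies outside the selected directory.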