Scan with a HAR

You can use a pre-recorded session of a user's interaction with the target application (a HAR file) when running a scan. Using the requests contained in the HAR file, Nexploit defines the attack surface and ensures complete coverage of the scan scope. To run a scan using a HAR file, upload the file in the Recording Session section.

You can create a HAR file either manually or automatically (using QA tools, such as Selenium). See Creating a HAR File to record an interaction session manually.

🚧 Important

To ensure complete coverage of the scan, configure an authentication object so that the Nexploit engine can reach the authenticated parts of the target application. See Managing Your Authentications for detailed information.

Pros

- Deeper coverage. You can enable Nexploit to switch between the microservers during scanning if the relevant data is recorded in the HAR file. Nexploit uses all the recorded data to define the attack surface, so it can reach every part of your application covered by the HAR file.
- Scope control. The scan covers exactly the scope of the target recorded in the HAR file (determined by the user). Therefore, Nexploit can scan only a new part of the application instead of scanning the whole application on every build.

Cons

- Less automation. You have to create a HAR file for every new part of the application you want to scan. This may be a problem for large development teams where the engagement process is complicated.
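To make the "attack surface from a HAR file" and "scope control" ideas above concrete, here is an added example (not Nexploit's own code and not part of the original page) that reads a HAR 1.2 log, collects the distinct method/host/path combinations and their parameter names for hosts inside a chosen scope, and flags entries that fall outside the scope or were recorded without any Authorization or Cookie header. The HAR content, the host `app.example.test` and the `<redacted>` token value are constructed for the example.

```python
"""Summarise the attack surface recorded in a HAR file (added example, not Nexploit code)."""
import json
from urllib.parse import parse_qsl, urlsplit

# Constructed sample HAR 1.2 log: two authenticated API calls, one login POST
# and one request to a CDN host that is outside the intended scan scope.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {"request": {"method": "GET",
                         "url": "https://app.example.test/api/users?page=2",
                         "headers": [{"name": "Authorization", "value": "Bearer <redacted>"}]}},
            {"request": {"method": "POST",
                         "url": "https://app.example.test/api/login",
                         "headers": [{"name": "Content-Type", "value": "application/json"}],
                         "postData": {"mimeType": "application/json",
                                      "text": "{\"user\": \"alice\", \"pass\": \"<redacted>\"}"}}},
            {"request": {"method": "GET",
                         "url": "https://cdn.example.test/logo.png",
                         "headers": []}},
            {"request": {"method": "GET",
                         "url": "https://app.example.test/api/users?page=3",
                         "headers": [{"name": "Authorization", "value": "Bearer <redacted>"}]}},
        ],
    }
}


def load_har(path):
    """Load a HAR file from disk (HAR is plain JSON)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def attack_surface(har, target_hosts):
    """Return (surface, out_of_scope, unauthenticated).

    surface:         {(METHOD, host, path): set of parameter names seen}
    out_of_scope:    URLs whose host is not in target_hosts (skipped)
    unauthenticated: surface keys recorded without Authorization/Cookie headers
    """
    surface = {}
    out_of_scope = []
    unauthenticated = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        parts = urlsplit(req["url"])
        if parts.hostname not in target_hosts:
            out_of_scope.append(req["url"])
            continue
        key = (req["method"].upper(), parts.hostname, parts.path)
        params = surface.setdefault(key, set())
        # Query-string parameter names.
        params.update(name for name, _ in parse_qsl(parts.query, keep_blank_values=True))
        # Top-level JSON body keys, when the body is a JSON object.
        post = req.get("postData") or {}
        if post.get("mimeType", "").startswith("application/json") and post.get("text"):
            try:
                body = json.loads(post["text"])
                if isinstance(body, dict):
                    params.update(body.keys())
            except ValueError:
                pass  # malformed body text: ignore, the endpoint is still recorded
        header_names = {h["name"].lower() for h in req.get("headers", [])}
        if not header_names & {"authorization", "cookie"} and key not in unauthenticated:
            unauthenticated.append(key)
    return surface, out_of_scope, unauthenticated


def report(har, target_hosts):
    """Render a short human-readable coverage summary as a list of lines."""
    surface, out_of_scope, unauthenticated = attack_surface(har, target_hosts)
    lines = [f"{len(surface)} in-scope endpoint(s):"]
    for (method, host, path), params in sorted(surface.items()):
        lines.append(f"  {method} {host}{path} params={sorted(params)}")
    lines.append(f"{len(out_of_scope)} out-of-scope request(s) skipped")
    lines.append(f"{len(unauthenticated)} endpoint(s) recorded without auth headers")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_HAR, {"app.example.test"})))
```

The unauthenticated list is the check that matters for the Important note above: an endpoint that appears in the HAR only without a session header will be reached only as an anonymous user unless an authentication object is configured. Because a recorded HAR carries the session's headers, cookies and request bodies verbatim, treat the file itself as a secret and redact tokens before sharing it.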

👍 Tip

You can combine full automation with complete coverage by applying both the Crawler and Recorded (HAR) discovery types to a scan.
