Provide web application scan settings when starting a new web application scan. Underlying scan settings are optimized to test the security of web applications per PCI Requirement 6.6.
Best Practice - The Crawl Only option allows you to define a scan that will crawl the web application without performing security vulnerability checks. We strongly recommend that you use the Crawl Only option for your first scan.
Select an authentication record if the web application you're going to scan has login forms. If not, select the option "No Authentication". See Managing Authentication Records.
The web crawler follows links to form actions that it encounters when the form method attribute matches the selection. This configuration does not apply to authentication. If an authentication record is selected for the scan, the scanning engine will attempt to authenticate no matter which form submission option you select.
The default is 300, and the maximum is 5,000.
When selected, the web crawler follows links down the web site branch in the same directory as the starting URI. It will not follow links across the web site branch to pages parallel to the starting URI.
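The directory restriction described above can be illustrated with a small scope check. This is an added example, not the scanning engine's own code: the function names and the `shop.example.test` URLs are hypothetical, and it assumes the "directory" is the starting URI's path up to its last `/`.

```python
import posixpath
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _norm_path(path):
    """Collapse '.', '..' and duplicate slashes; keep a trailing slash."""
    keep_slash = path.endswith(("/", "/.", "/.."))
    norm = posixpath.normpath("/" + path.lstrip("/"))
    return norm + "/" if keep_slash and norm != "/" else norm

def _origin(parts):
    """(scheme, host, port) with the scheme's default port filled in."""
    return (parts.scheme, parts.hostname,
            parts.port or DEFAULT_PORTS.get(parts.scheme))

def start_directory(start_uri):
    """Directory of the starting URI: its path up to the last '/'."""
    return _norm_path(urlsplit(start_uri).path).rsplit("/", 1)[0] + "/"

def in_scope(start_uri, link, found_on=None):
    """True if link stays on the same origin and inside the start directory."""
    # Resolve relative links against the page they were found on.
    target = urlsplit(urljoin(found_on or start_uri, link))
    if target.scheme not in DEFAULT_PORTS:          # mailto:, javascript:, ...
        return False
    if _origin(target) != _origin(urlsplit(start_uri)):
        return False
    # Compare normalized paths so '/store/../admin/' is not treated as
    # being under '/store/', and '/store2/' does not match by prefix.
    return _norm_path(target.path).startswith(start_directory(start_uri))

def filter_links(start_uri, links):
    """Keep only the links a directory-restricted crawl would follow."""
    return [link for link in links if in_scope(start_uri, link)]

# Constructed sample input (hypothetical site).
START = "https://shop.example.test/store/index.php"
LINKS = [
    "cart/view.php",                                 # below the start directory
    "../admin/login.php",                            # parallel branch
    "https://shop.example.test/store/../admin/",     # dot-segment escape
    "/store2/item",                                  # sibling with shared prefix
    "https://cdn.example.test/store/a.js",           # different host
    "mailto:owner@example.test",                     # not a web link
    "https://shop.example.test:443/store/item?id=7", # explicit default port
]

if __name__ == "__main__":
    for link in LINKS:
        print(f"{'follow' if in_scope(START, link) else 'skip  '}  {link}")
```

Percent-encoded dot segments such as `%2e%2e` are not decoded by this sketch, so pages excluded from a restricted crawl should still be confirmed in the Crawl Only results.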
Several bandwidth levels are provided, and each level represents multiple settings. It's recommended that you use the default bandwidth level (Medium) to get started.