Test Scope Improvements in the Websecurify Suite
We are happy to inform you that the Scanner tool, from the online Suite, now has the ability to limit test scopes. It works like this. First you need to type at least one target as seen on the screenshot:
...Then you click on the glasses button on the left. This will bring the scope window where you can play with the test scope. The beautiful thing about this tool is that you can test your rules in-place with the built-in test editor. This way you can be absolutely sure that your rules are perfect. The process is illustrated on the screenshot bellow:
There you have it. Now you can go nuts and test any application in whichever configuration you like. However, if you don't want to mess with the scope you really don't have to. The testing engine will automatically figure out some types of special urls (i.e. logout links) and not scan them in order to prevent incidental termination of your authenticated session.
Great! Now let's see what is next.