Scan Navigation Sequence Only

When testing web applications, you may need to scan specific sections or functionalities without scanning the entire site. The Navigation Sequence Only Scan in ZeroThreat allows you to do just that. By recording your navigation through selected areas, this feature ensures that only the pages you visit are scanned, providing a targeted security assessment.


How to Perform a Navigation Sequence Only Scan?

1. Select Your Target

From the ZeroThreat dashboard, click Scan the Target and choose the web application you wish to scan. Next, change the scanning server if required.

2. Under the Authenticated Scan Section

Now, under the Scan Method, click the Start New Authenticated Scan button. This will launch your target web application in a new tab, along with the ZeroThreat Recorder Chrome window.

Visit Troubleshooting: Extension Not Opening if the extension doesn't open automatically in a new tab along with the target.

3. Configure the Recorder

Once the extension is loaded, start by clicking on the Stored Sequence Authentication button. This feature allows ZeroThreat to store and replay your authentication details, making it ideal for scheduled scans and DevOps automation.

Next, you’ll have two options: Full Scan or Scan Navigation Sequence Only. A Full Scan covers the entire web application, while a navigation sequence-only scan focuses solely on the pages you visit during recording.

Click the Start Recording button to begin recording. The ZeroThreat Recorder will capture all your actions as you interact with the application.

4. Log In and Navigate the Target Application

As the recording begins, log in to the target application using your credentials.

After logging in, navigate through the specific sections or functionalities you want to scan. The Recorder will track these interactions, ensuring the scan is limited to only the visited pages; it won’t crawl or test beyond what you navigate. In our example, we will scan the Course List section and visit all the pages and functionalities related to it.

When you’ve finished navigating the desired sections (in our example, the Course List functionality), click Stop Recording to stop the recording. You’ll see an overview of your recorded sequence.

5. Configure the Template Information

After stopping, an overview and configuration for the template will open.

Here, configure the following:

  • Name the Template: Assign a meaningful name to your recording for easy reference later.

  • Choose the Content Rendering Type: Select whether the application uses server-side rendering (e.g., WordPress, PHP, ASP.NET) or client-side rendering (e.g., Angular, React, Vue).

  • Optionally, exclude certain hosts from being scanned. This is useful for skipping hosts with sensitive data or third-party integrations.

6. Review and Start the Scan

After reviewing the recording information, you will have two options.

  • Click Save and Exit to store the recording sequence for later use.

  • Click Save and Start Scan to launch the scan immediately using your selected scan server.

7. Monitor the Scan

The scan will start immediately, and you can track its progress and view results in the Scans section or Recent Scans section in the ZeroThreat portal.

Tips & Cautions

  • Focused Navigation: Only navigate the sections you want scanned. Unnecessary actions may include unintended pages in the recording.

  • Host Exclusion: Use the exclude hosts feature to avoid scanning sensitive or third-party resources unintentionally.
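
To act on the two tips above, you can review a browser capture of the same navigation and see which hosts and paths it touched before you save the template. This is an added example, not part of ZeroThreat or its documentation; it assumes a HAR file exported from the browser's DevTools for the session, and the hostnames, paths, and function names are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a minimal HAR-shaped capture of one recorded session.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": "https://app.example.test/login"}},
    {"request": {"method": "POST", "url": "https://app.example.test/login"}},
    {"request": {"method": "GET", "url": "https://app.example.test/courses?page=2"}},
    {"request": {"method": "GET", "url": "https://app.example.test/courses/42/edit"}},
    {"request": {"method": "GET", "url": "https://cdn.example.net/lib.js"}},
    {"request": {"method": "POST", "url": "https://pay.example.org/v1/charge"}},
    {"request": {"method": "GET", "url": "data:image/png;base64,AAAA"}},
]}})


def summarize_scope(har_text, target_host):
    """Group requested paths by host and split hosts into target and others."""
    paths_by_host = defaultdict(set)
    for entry in json.loads(har_text)["log"]["entries"]:
        parts = urlsplit(entry["request"]["url"])
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # skip data:, blob:, and malformed URLs
        paths_by_host[parts.hostname.lower()].add(parts.path or "/")
    target = target_host.lower()
    in_scope = sorted(paths_by_host.get(target, ()))
    # Every other host was contacted during navigation: candidates for exclusion.
    other_hosts = sorted(h for h in paths_by_host if h != target)
    return in_scope, other_hosts


def unexpected_paths(in_scope, intended_prefixes):
    """Return visited paths outside the sections you meant to scan."""
    return [p for p in in_scope if not p.startswith(tuple(intended_prefixes))]


if __name__ == "__main__":
    paths, others = summarize_scope(SAMPLE_HAR, "app.example.test")
    print("Visited on target:", paths)
    print("Other hosts to consider excluding:", others)
    print("Outside intended sections:", unexpected_paths(paths, ["/login", "/courses"]))
```

Any host in the second list that holds sensitive data or belongs to a third party is a candidate for the exclude hosts setting, and any path in the third list suggests re-recording with tighter navigation.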

Need help understanding your scan results? Visit the Scan Results section for detailed guidance.