Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Application Security Platform
Scan profiles

Default scan profiles

This document is for:
Invicti Platform

Scan profiles are collections of predefined security checks used to test your web application for vulnerabilities. When launching a scan, you select a scan profile to run against a target. Invicti includes a set of default scan profiles designed to meet common application security needs. You can use these defaults or create custom scan profiles tailored to your specific requirements. A single target can be scanned multiple times using different scan profiles.

Built-in scan profiles

Default scan profiles are predefined groupings of tests designed to identify specific classes of vulnerabilities, such as SQL injection or Cross-Site Scripting (XSS). These profiles help streamline scanning by narrowing or expanding the scope of checks depending on your goals. You can use these profiles to focus on specific risks or perform comprehensive assessments.

  • Full Scan

Performs a comprehensive scan using all available checks in Invicti. This profile offers the widest vulnerability coverage.

  • Critical / High Risk

Scans only for the most severe vulnerabilities, including SQL Injection, Cross-site Scripting (XSS), and File Inclusion. This profile is dynamically updated with each release to include the latest high-impact checks.

  • Critical / High / Medium Risk

Extends the Critical / High Risk profile by also checking for medium-risk issues, such as server misconfigurations and common coding flaws. This profile is also dynamically updated.

  • Cross-site Scripting (XSS)

Focuses exclusively on detecting XSS vulnerabilities. Updated regularly to include the latest relevant tests.

  • SQL Injection

Focuses only on detecting SQL Injection vulnerabilities. This profile is dynamically updated to reflect the latest threat signatures.

  • Weak Passwords

Identifies login forms and attempts to exploit them using known weak credentials to detect authentication vulnerabilities.

  • Crawl Only

Performs a crawl of the target site to map its structure without running any vulnerability checks.

  • OWASP TOP 10 API

Scans for the top 10 most critical API risks to web applications, as defined by the OWASP Top 10 API project.

  • OWASP Top 10

Scans for the top 10 most critical security risks to web applications, as defined by the OWASP Top 10 project.

  • PCI checks

Identifies vulnerabilities that would cause non-compliance with Payment Card Industry data security standards (PCI DSS).

  • Sans Top 25

Scans for the 25 most dangerous software errors, based on the Common Weakness Enumeration (CWE) list curated by the SANS Institute.

Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports

Share This Article