
Scan Policy Editor

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

The Invicti Scan Policy Editor can be used to fine-tune web application security scans so that they take less time to complete, consume less bandwidth and produce more accurate results. Using the Scan Policy Editor, you can modify existing Scan Policies or create new ones, and specify granularly, within every vulnerability category, which security tests should run:

  • For example, it is possible to enable or disable specific cross-site scripting vulnerability variants (rather than enabling every single one, as before)
  • The same applies to all other vulnerability categories, such as SQL Injection

The Scan Policy Editor also allows us to ship extra signatures in the near future. For example, there will be signatures to bypass certain WAFs (web application firewalls); if you are using a WAF, you can customize your policy and enable those extra checks. If you are not, your scan will not generate extra requests, since the security tests for web application firewalls will be disabled. When possible, Invicti will also automatically optimize the active configuration for these extra signatures on the fly, according to the target website. In Invicti Standard, this is achieved by the Invicti Assistant feature.

For further information, see Configuring Scan Policies.