Start scanning
To scan for vulnerabilities using the crawl data (test cases) you created in Step 2, select Scan from the left sidebar.
Once you have confirmed the name of the project, click Start Scan.
Run the scan
When you click Run VAddy Scan, VAddy will scan the URLs that you
Scanning
Choose the crawl data (test case) to use and then click Run VAddy Scan.
Scan results
After some time has passed and you have reloaded the page, the scan's status will change to Complete and you will be shown the results. If there are any vulnerabilities in the crawled URLs, a red button will appear in the Alert column with the label n Problems (where n is the number of vulnerabilities found). For more details, click n Problems or Scan ID.
Detailed scan results
This example shows that a cross-site scripting vulnerability was found in the name parameter.
You will receive a notification email at the address registered with your account whenever a vulnerability is found in your scan results.
Actual attack request data
You can click the Show button to see the actual request data that was sent when the vulnerability was detected. With this information, you can reproduce the attack in your development environment and fix the vulnerability.
Scan results (no problems detected)
Once you have fixed the vulnerabilities that were detected and then re-scanned your site, the button in the Alert column will turn green with the label None.
You will not receive a notification email if no problems were detected during a scan.
Scan Count indicates the total number of HTTP requests that were sent during the scan. For example, 4 HTTP requests will be sent for a single URL that has 2 parameters: for each parameter, one request to check for SQL injection vulnerabilities and one request to check for XSS vulnerabilities. The total number of requests will increase as the scanning engine is updated to detect even more vulnerability patterns.