- Click on Assets management > Network targets and websites
- Click on the Add button
Fill in the form:
- “Node” refers to the Cyberwatch node that should perform the analysis;
- “Target” refers to the network target or the website to analyze; a network target is given as a domain name or an IP address, a website target as a URL. In either case, a port scan is performed on the target, along with a discovery of the exposed services to determine their versions;
- Confirm with the “Save” button
Some advanced scanning parameters are configurable through the scanning policy, including the maximum web scanning duration and the maximum crawling duration. To edit them, go to Settings > Scanning policies, and edit the policies of the relevant network targets and websites. The web scanning parameters are located inside the “Advanced settings” section.
When adding or editing a network target, you can specify a set of credentials and an authentication method. These settings apply only when the target is a website, or at least has an open HTTP port.
To enable authentication, you first need to create a credentials set of type Web scan from the Settings > Stored credentials menu.
The authentication methods match the types supported by the HTTP Authorization header, except for the post authentication method, which simulates a user entering their credentials into a login form. The login form URL applies only to the post authentication method.
Cyberwatch supports any IP address, as well as any valid and resolvable URL or domain name.
In every case, Cyberwatch checks which ports are open among the 3000 most commonly used ports. On the open ports, two scanning strategies are used:
- A passive scan, which detects the versions of the services exposed on each target port and identifies the vulnerabilities associated with them. If the port is a web port, an additional OWASP scan is executed which identifies the libraries in use and configuration defects from the OWASP Top Ten (such as defects in HTTP headers).
- An active scan, which is a more detailed review based on the specifics of each port.
If the port supports TLS, a TLS audit is performed to determine whether weak cipher suites are accepted, deprecated protocols are in use, or the certificate is invalid. If the port answers HTTP/HTTPS requests, Cyberwatch executes a second OWASP scan covering other configuration defects from the OWASP Top Ten, such as possible XSS or SQL injection flaws.
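As an added illustration of the kind of check the TLS audit above performs (example code, not Cyberwatch's), the script below uses only the Python standard library to probe which protocol versions a server will negotiate and whether its certificate validates against the system trust store; cipher-suite enumeration is left out, and the host and port are assumptions supplied by the caller.

```python
"""Small stdlib-only TLS audit. Constructed example, not Cyberwatch code."""
import socket
import ssl

DEPRECATED = {"TLSv1", "TLSv1_1"}  # TLS 1.0/1.1, deprecated by RFC 8996
MODERN = {"TLSv1_2", "TLSv1_3"}

def probe_versions(host, port, timeout=5.0):
    """Set of protocol version names the server negotiates. Each handshake is
    pinned to one version, so success means the server still offers it."""
    accepted = set()
    for version in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                    ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # the certificate is checked separately
        try:
            ctx.minimum_version = ctx.maximum_version = version
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host):
                    accepted.add(version.name)
        except (ssl.SSLError, OSError, ValueError):
            pass  # version refused by the server (or absent from local OpenSSL)
    return accepted

def check_certificate(host, port, timeout=5.0):
    """None if the system trust store accepts the certificate for `host`,
    otherwise OpenSSL's verification message (expired, name mismatch, ...)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message

def summarize(accepted, cert_error):
    """Pure classification step (no network, so it can be unit tested)."""
    findings = [f"deprecated protocol accepted: {v}"
                for v in sorted(accepted & DEPRECATED)]
    if not accepted & MODERN:
        findings.append("no TLS 1.2/1.3 support")
    if cert_error:
        findings.append(f"certificate invalid: {cert_error}")
    return findings

def audit_tls(host, port=443):
    """Run both probes against host:port and return the list of findings."""
    return summarize(probe_versions(host, port), check_certificate(host, port))
```

Call `audit_tls("your-host.example", 443)` against a server you operate; an empty list means no deprecated version was negotiated and the certificate chain validated.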