Active scanning - Can be automated with Zest language (Created by Mozilla)
- Voc
- Context/WebApps/URL Grouping
- Mode
- Safe - Prevent scanning unwanted websites
- Protected - Uses defined scope
- Attack - Active scanning
Audit can be done the following way:
- Launch index spider
- Passive scan
- Active scan
Scan rule can be tweaked using thresholds Possible to export the results to an XML file