The basic session management setting lets Vex scan the target page by sending payloads directly, without executing the Handler (i.e. without reproducing the scan scenario), as long as the specified conditions are met. This can shorten scanning time by reducing the number of pages accessed during the scan while the held session ID is still valid.
<Steps>
Click the (Setting) icon at the top of the Vex screen > click "Web scanning setting".
As the condition for executing the Handler, specify a string that is either contained or not contained in the response when the session is invalid.
In the above example, the Handler is executed only when a response obtained during the scan does not contain the string "Hi, user".
Depending on the application, you may be able to significantly reduce the number of pages accessed during the scan.
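The following is an added conceptual model of this condition, not Vex code or anything from Vex's documentation. It compares running the handler before every payload with running it only when a response lacks "Hi, user". The `DemoApp` class, the 2-request login cost and the session lifetime are assumptions constructed for the illustration.

```python
# Conceptual model only; names and the login cost are assumptions, not Vex internals.
MARKER = "Hi, user"  # string from the page's example

class DemoApp:
    """Constructed target whose session expires after `ttl` requests."""
    def __init__(self, ttl):
        self.ttl, self.left, self.requests = ttl, 0, 0

    def run_handler(self):
        """Stand-in for the Handler: replay a 2-request login scenario."""
        self.requests += 2
        self.left = self.ttl

    def send(self, payload):
        self.requests += 1
        if self.left <= 0:
            return "<p>Please log in</p>"      # session invalid
        self.left -= 1
        return f"<p>{MARKER}</p><p>echo: {payload}</p>"

def scan(app, payloads, marker=None):
    """Return (handler_runs, total_requests) for one scan.

    marker=None: run the handler before every payload.
    marker set:  send directly; run the handler only when the response
                 lacks the marker, then resend that payload.
    """
    runs = 0
    for p in payloads:
        if marker is None:
            app.run_handler()
            runs += 1
            app.send(p)
        elif marker not in app.send(p):
            app.run_handler()
            runs += 1
            if marker not in app.send(p):
                # Wrong marker or broken login: stop instead of looping.
                raise RuntimeError("session still invalid after handler")
    return runs, app.requests

if __name__ == "__main__":
    payloads = [f"test-{i}" for i in range(20)]   # constructed inputs
    print("always :", scan(DemoApp(ttl=8), payloads))
    print("marker :", scan(DemoApp(ttl=8), payloads, MARKER))
```

In this model a marker that also appears on the logged-out page makes every response look valid, so the handler never runs and the payloads are sent without a session.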