
WAS Project Overview


Overview

Each project represents a single web application or API environment under assessment.
A project contains:
  • Metrics – high-level status and vulnerability counts
  • API Endpoints – discovered or imported request inventory
  • Transformed Requests – AI-enhanced or mutated requests
  • Vulnerabilities – all findings detected during scanning
  • Configuration – settings for authentication, crawling, rules, and scope
Projects enable security teams to organize testing efforts and monitor risk at the application level.

Project Metrics

Project Metrics Dashboard

The Metrics tab provides a quick summary of project health:

Pending Vulnerabilities

Total vulnerabilities identified and awaiting remediation.

Resolved Vulnerabilities

Number of findings resolved or marked safe.

Progress Overview

Tracks remediation progress out of total findings.
Additional charts such as Status Distribution and Severity Distribution help visualize vulnerability trends.

API Endpoints

API Endpoints Inventory

The API Endpoints tab displays:
  • Total requests discovered
  • Total transformed requests
  • Requests sent to the scanner
  • Vulnerabilities found per request
Each row includes:
  • Endpoint path & host
  • Request method (GET, POST, etc.)
  • Associated vulnerabilities by severity
Filters allow sorting by:
  • Severity
  • HTTP method
  • Whether vulnerabilities exist
This inventory is essential for understanding the attack surface and identifying high-risk endpoints.

Transformed Requests

Transformed Requests View

Transformed Requests show all mutated, enhanced, or AI-generated variations derived from original traffic. These help simulate:
  • Edge cases
  • Unexpected payload behaviors
  • Authentication bypass attempts
  • Input rewriting
These variations are useful for improving test depth and coverage.

Vulnerabilities

Vulnerability Listing

All identified vulnerabilities appear here once a scan runs. Features include:
  • Severity badges
  • State (Open / Resolved)
  • Detection timestamps
  • Endpoint association
  • Detailed findings after expansion
If no vulnerabilities exist, the system displays an onboarding prompt to Start a Scan.

Configure

Project Configuration Panel

The Configure tab defines how the scanner interacts with your application.

Application Information

  • Target URL
  • Application Name
  • Owner
  • Tags

Scanning Scope

Define include/exclude patterns using scope rules.

Authentication

Upload Playwright authentication scripts to enable authenticated scans. This section includes:
  • File upload interface
  • String-based authentication validation logic

Crawler Settings

Aggressive

Fast, comprehensive crawling with maximum coverage.

Intelligent (AI)

AI-guided crawling that prioritizes important paths.

Webhook URL

Send vulnerability results to external systems.

Scan Rules

Enable or disable detection categories such as:
  • Security Headers
  • Authentication Bypass
  • Directory Traversal
  • XSS (Stored / Reflected)
  • Open Redirect
  • Server Error Leaks
Each rule can be toggled individually.

Best Practices

Organize Projects

Use tags and owners to categorize applications by teams or environments.

Optimize Crawling

Select AI-powered crawling for large or dynamic applications.

Improve Findings Quality

Use transformed requests to enhance attack coverage.

Automate Workflows

Integrate with Postman, Swagger, or VM for unified risk visibility.

Next Steps

Run a Scan

Launch a new scan for this project.

View Vulnerabilities

Explore all findings, remediation advice, and status workflows.