Overview

The Projects module is the central workspace for the Web Application Scanner (WAS).
Each project contains its own set of API endpoints, vulnerabilities, scanning configuration, crawler rules, and transformed requests.
You must create a project before performing scans, importing traffic, or viewing vulnerabilities.

Overview

The Projects page displays all WAS projects along with:
  • Project name
  • Description
  • Started date
  • Owner
  • Quick actions
Projects serve as isolated workspaces where you configure scanning, analyze vulnerabilities, and review security findings per application.

Creating a Project

To create a new WAS project:
  1. Click Create Project.
  2. Enter the project Name.
  3. Add a Description (optional).
  4. Select relevant Collections (if applicable).
  5. Click Create to generate the project.
Newly created projects appear instantly in the Projects list.

Project Workspace

Selecting a project opens the full Project Workspace, which contains the following sections:
  • Metrics
  • API Endpoints
  • Transformed Requests
  • Vulnerabilities
  • Configure
  • Crawler Settings

📊 Project Sections


Metrics

The Metrics tab provides project-wide insights:
  • Pending vs resolved vulnerabilities
  • Severity distribution (Critical / High / Medium / Low)
  • Total identified vulnerabilities
  • Visual charts for status and severity
This gives a real-time health snapshot of the application’s risk.

API Endpoints

Displays every captured API request, including:
  • HTTP Method
  • Host
  • Path
  • Total vulnerabilities for that endpoint
  • Filters (severity, method, has vulnerabilities, etc.)
Used to analyze coverage and identify vulnerable endpoints.

Transformed Requests

Shows normalized/processed versions of API requests that the scanner uses internally. Includes:
  • Endpoint
  • Method
  • Host
  • Vulnerability summary
Useful for understanding scanner processing and request transformation depth.

Vulnerabilities

The Vulnerabilities tab displays:
  • Vulnerability Title
  • Status (Active, Suppressed)
  • Scan Name
  • Severity
  • First Detected / Last Detected
  • Quick Actions (view, suppress, etc.)
This is the primary interface for triaging and responding to findings.

Configure

Used to set up:

Application Information

  • Target URL
  • Application Name
  • Owner
  • Tags

Scanning Scope

Add scope rules limiting what the scanner tests.

Authentication

  • Upload Playwright authentication scripts
  • Add success-detection logic (string match)

Crawler Settings

Choose between:
  • Aggressive mode
  • Intelligent (AI-powered) mode

Crawler Rules & Webhook Settings

Includes:
  • Webhook URL for receiving vulnerability notifications
  • Rule activation toggles for specific checks:
    • Missing Security Headers
    • Authentication Bypass
    • Server Error Leak
    • Directory Traversal
    • XSS Indicators
    • Command Injection
    • SQL Injection
    • And more…
These rules control what the WAS engine tests during scans.

Next Steps

View Vulnerabilities

Explore project-specific vulnerability findings and remediation details.

Manage Scanners

Connect or configure a scanner instance for automated scanning.
