Public Web Apps
Description
Historically, skilled engineers have needed hours or days to prepare and run task scans. However, with NightVision, any developer can easily start a scan from scratch in under 30 seconds and obtain results in under 15 minutes. View how quick and easy it is to start a Public Web App Scan with our demo below.
Note: Here is the reference for the URL used in this tutorial:
- Base Target URL: <http://public-firing-range.appspot.com/>
Interactive Demo - Public Web App Scan
Step-by-Step Guide
To run a security scan against a Web Application:
- Navigate to https://app.nightvision.net.
- Click on New Scan in the top left.
- Click on Scan Web Applications; this will bring you to the scan home screen.
The NightVision interface displays options for scanning web applications and APIs
The NightVision “Scan Web Target” interface allows users to set up a new scan by specifying project details, target name, base URL, and authentication options.
- Click on Create new Target, add the name of a target, and add the target URL (for example, you can test this out with http://public-firing-range.appspot.com or feel free to use the URL of your public web application).
The NightVision setup screen displays fields for configuring a new scan, including project name, target name, base URL, and options for creating a new target.
- Lastly, click Start Scan to begin your scan.
Use the Start Scan button to initiate the scan.
This will navigate to the Scans page, where the scan is now listed as “In Progress.”
The running scan will appear on the scans page.
Results typically appear within seconds to a few minutes. The tool generally takes 5-15 minutes to crawl the website, inject payloads, and identify vulnerabilities.
Here’s what the completed scan looks like:
Once the scan is completed, the results will be displayed.
- Explore the security vulnerability further by clicking on the finding, like Cross Site Scripting (Reflected).
Here is what the results look like:
The results page displays detailed information on scan results.