VulnProScan by Dynamgenix IT Corp

Guides

Practical step-by-step documentation for getting the most out of Vuln Pro Scan — from your first URL scan to integrating security testing into your continuous delivery pipeline.

Beginner · 5 min read

Your First Authorized Scan: A Step-by-Step Walkthrough

Set up and run your first authorized dynamic scan from scratch. Covers target authorization, URL formatting, scan configuration, and what to expect during and after the scan.

Key steps

  1. Confirm authorization — ensure you own or have written permission to test the target URL
  2. Try the limited demo at /trial with a URL you are authorized to test, or sign in and open the full scan console for complete runs
  3. Review scope — the scan stays within the submitted host and discovered paths
  4. Start the scan and monitor the elapsed time indicator as testing progresses
  5. Review the findings summary when complete — use severity filters to prioritize
Tip: Run your first scan against a staging or development environment to avoid any disruption to production traffic.
Intermediate · 7 min read

Understanding Severity Ratings and Prioritizing Remediation

Learn how Vuln Pro Scan severity levels map to real-world risk, how to read the evidence in each finding, and how to decide what to fix first based on exploitability, impact, and context.

Key steps

  1. Critical and High: fix immediately — these represent directly exploitable conditions that could result in data breach or system compromise
  2. Medium: remediate in the next sprint — these are real vulnerabilities that require specific conditions or additional attacker access to exploit
  3. Low and Informational: schedule for improvement — these are defense-in-depth items that reduce attack surface without immediate exploitation risk
  4. Review each finding's endpoint, evidence, and category before scheduling remediation
  5. Use the category filter to group by attack class and batch similar fixes across multiple endpoints
Context matters: a Medium finding on an admin endpoint may warrant faster remediation than a Low finding on a static assets path.
Intermediate · 8 min read

Setting Up Authenticated Scanning for Deeper Coverage

Authenticated scans test protected application areas that are invisible to an anonymous scanner — including IDOR vulnerabilities, broken access control, and session management weaknesses. This guide walks through credential configuration and scan scoping.

Key steps

  1. Use a dedicated test account — never use production credentials or admin accounts for scanning
  2. Ensure the test account has the right role: give it the same permission level as the users whose access you want the scan to cover
  3. Configure credentials in the scan console before initiating the authenticated scan run
  4. Review the scan scope: authenticated scans follow links and test endpoints discovered after login
  5. Compare authenticated vs. public scan results to understand the additional coverage unlocked
Authenticated scans are available on Pro and Enterprise plans. Get access at /invite.
Beginner · 4 min read

Exporting and Sharing Scan Reports with Your Team

Learn how to export scan results, share findings with developers, and use the structured report output to feed ticketing systems, compliance evidence packs, or internal review workflows.

Key steps

  1. From the dashboard findings view, use the Export button to download the current filtered result set
  2. Full reports include severity, category, endpoint, evidence, and remediation guidance per finding
  3. Use severity and category filters before exporting to create focused reports for specific teams
  4. Exported evidence packs include HTTP request/response pairs that developers can use to reproduce findings
  5. For compliance use cases, the category mapping provides alignment to OWASP and CWE identifiers
Full unmasked reports with complete evidence are available on paid plans. Trial scans include a masked summary.
Advanced · 10 min read

Integrating Scans into Your SDLC and Development Workflow

Shift security testing earlier in the development lifecycle by running scans against staging environments in CI/CD pipelines, gating deployments on critical finding counts, and building an ongoing visibility loop.

Key steps

  1. Configure a staging environment URL as a persistent scan target that receives scans on each deployment
  2. Use the API to trigger scans programmatically from CI/CD (GitHub Actions, GitLab CI, Jenkins)
  3. Set severity thresholds: fail the build pipeline if Critical or High findings appear in new scan results
  4. Track scan history in the dashboard to identify regressions when new findings appear after prior clean scans
  5. Use the findings trend view to measure remediation velocity over time
API access and CI/CD integration are available on Pro and Enterprise plans. Contact sales for integration architecture review.
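
A sketch of the severity gate and regression check from steps 3 and 4, written as an added example; it is not Vuln Pro Scan's own code and does not call its API. It assumes the exported results are a JSON list whose objects carry `severity`, `category`, and `endpoint` fields (a hypothetical schema based on the report fields listed above), and the two sample scans are constructed.

```python
import json
import sys

KNOWN = {"critical", "high", "medium", "low", "informational"}
BLOCKING = {"critical", "high"}  # threshold from step 3

# Constructed sample exports (hypothetical schema): the prior scan and the newest scan.
PREVIOUS = json.loads("""[
  {"severity": "Medium", "category": "Missing Security Header", "endpoint": "/login"},
  {"severity": "Low", "category": "Cookie Without Secure Flag", "endpoint": "/"}
]""")
LATEST = json.loads("""[
  {"severity": "Medium", "category": "Missing Security Header", "endpoint": "/login/"},
  {"severity": "High", "category": "Broken Access Control", "endpoint": "/api/orders"},
  {"severity": "", "category": "Open Redirect", "endpoint": "/go"}
]""")

def finding_key(f):
    # Identity of a finding across runs: attack class plus normalized endpoint,
    # so "/login" and "/login/" are not reported as two different findings.
    endpoint = str(f.get("endpoint", "")).rstrip("/") or "/"
    return (str(f.get("category", "")).strip().lower(), endpoint)

def severity(f):
    s = str(f.get("severity", "")).strip().lower()
    return s if s in KNOWN else "unknown"

def evaluate(previous, latest):
    """Return the build exit code, the blocking findings, and the regressions."""
    seen = {finding_key(f) for f in previous}
    # Fail closed: a missing or unrecognized severity blocks the build
    # instead of slipping through the gate as if it were harmless.
    blockers = [f for f in latest if severity(f) in BLOCKING | {"unknown"}]
    regressions = [f for f in latest if finding_key(f) not in seen]
    return {"exit_code": 1 if blockers else 0,
            "blockers": blockers, "regressions": regressions}

if __name__ == "__main__":
    result = evaluate(PREVIOUS, LATEST)
    for f in result["regressions"]:
        print(f"new since last scan: {f.get('category')} at {f.get('endpoint')}")
    for f in result["blockers"]:
        print(f"blocking [{severity(f)}]: {f.get('category')} at {f.get('endpoint')}")
    sys.exit(result["exit_code"])  # a non-zero exit fails the pipeline step
```

In a pipeline, the two embedded samples would be replaced by the previous and current exports for the staging target.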
