
FAQ

Frequently Asked Questions on Frontend DAST

Q: My scan is taking too long and timing out. What should I do?

A: Try these parameters in order:

  1. Reduce frontend_parallel_workers from 3 to 1
  2. Enable frontend_use_persistence: true
  3. Add problematic pages to your blocklist
  4. Consider frontend_crawling_only: true for faster completion

Q: The scanner isn't finding all my application pages. How can I improve coverage?

A: Use these settings:

  1. Increase max_duration to 180-240 minutes
  2. Add known URLs to the hotstart list
  3. Ensure frontend_prefetch_sitemap: true
  4. Increase frontend_max_fragments_visits and frontend_max_query_params_visits

Q: My application has complex authentication that breaks during scanning. What options do I have?

A: Configure these parameters:

  1. Set frontend_integrated_authentication: true
  2. Add logout buttons to frontend_blocklisted_element_selectors
  3. Use frontend_single_page_worker: true if your app can't handle page reloads

A: Use these conservative settings:

scan:
  read_only: true  # Avoid mutating operations
  frontend_parallel_workers: 1  # Minimal load
  max_duration: 60  # Short duration
  frontend_escape_user_header: false  # Avoid adding headers

Q: My scan keeps getting stuck on the same pages with different parameters. How can I fix this?

A: Limit parameter exploration:

scan:
  frontend_max_query_params_visits: 2
  frontend_max_parameter_occurence: 3
  frontend_max_fragments_visits: 2

Q: I have a large e-commerce site with thousands of product pages. How should I configure the scan?

A: Use efficient crawling with blocklists:

scan:
  max_duration: 240  # Longer duration needed
  frontend_parallel_workers: 3
  frontend_max_parameter_occurence: 5  # Limit product variations
blocklist:
  routes:
    - path: ".*/product/[0-9]+/reviews.*"  # Skip review pages
    - path: ".*/category/.*/page/[0-9]+.*"  # Skip deep pagination
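Before committing to a 240-minute scan, it helps to check which URLs the blocklist patterns would actually exclude, since an over-broad pattern silently removes pages from coverage. The following is an added example, not part of the original FAQ: it runs the two route patterns above against constructed sample URLs. It assumes the pattern is applied to the URL path only and must match the whole path; the host `shop.example` and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the blocklist in the answer above.
BLOCKLIST_PATHS = [
    r".*/product/[0-9]+/reviews.*",
    r".*/category/.*/page/[0-9]+.*",
]

# Constructed sample URLs (shop.example is a placeholder host).
SAMPLE_URLS = [
    "https://shop.example/product/1042",
    "https://shop.example/product/1042/reviews",
    "https://shop.example/product/1042/reviews/7?sort=new",
    "https://shop.example/product/new/reviews",
    "https://shop.example/category/shoes",
    "https://shop.example/category/shoes/page/3",
    "https://shop.example/account/reviews",
]


def first_match(url, patterns=BLOCKLIST_PATHS):
    """Return the first pattern that fully matches the URL path, else None.

    Assumption: the scanner applies the pattern to the path only, as a full match.
    """
    path = urlsplit(url).path
    for pattern in patterns:
        if re.fullmatch(pattern, path):
            return pattern
    return None


def blocklist_report(urls, patterns=BLOCKLIST_PATHS):
    """Split URLs into skipped/scanned and list patterns that matched nothing."""
    matches = {u: first_match(u, patterns) for u in urls}
    skipped = {u: p for u, p in matches.items() if p is not None}
    scanned = [u for u, p in matches.items() if p is None]
    unused = [p for p in patterns if p not in skipped.values()]
    return {"skipped": skipped, "scanned": scanned, "unused": unused}


if __name__ == "__main__":
    report = blocklist_report(SAMPLE_URLS)
    for url, pattern in report["skipped"].items():
        print(f"SKIP  {url}  <- {pattern}")
    for url in report["scanned"]:
        print(f"SCAN  {url}")
    print("patterns with no match:", report["unused"])
```

Feeding it the URLs from a sitemap or a previous crawl shows how much of the site a pattern removes and flags patterns that match nothing.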