Scan Project
CodeScan will automatically scan your source code for potential vulnerabilities. The scanning engine behind CodeScan is very complex, and a scan can take some time to complete. While a small codebase such as the sample code we have provided may complete in under a minute, larger codebases will take much longer. Some user input may be required to process dynamic or database-driven includes; the scanning process pauses until they are resolved.
Please be aware of the minimum and recommended system specifications for scanning – 1.8GHz+ CPU and 1GB RAM minimum, 2GB+ RAM recommended.
Now that you have created your project, you can begin setting up your scan. If you wish to perform a quick scan without any advanced settings, skip ahead to the “Scan” section. If you would like to customize your scan to reduce false positives, follow the advanced items below.
Advanced: Project Properties
Project Settings are available to manipulate how the scanning engine emulates the web server environment, and how deep the processing engine will scan. Please check through the tabs in the “Project Properties” dialog (accessible under the File menu) before initiating a scan to ensure CodeScan is set up to provide accurate results that will match your environment.
Advanced: Custom Filters

If you have created or utilised custom string-cleaning functions, you should identify them through the custom filters tab within the Project Properties to reduce the number of false positives. You can allocate a “Filter Score” to each function for each category, between 0 (no sanitization) and 100 (perfect sanitization). For additional help on this section, please check the User Guide.
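Why the score is set per category, as an added illustration (not CodeScan code and not part of the original guide): a hypothetical HTML-encoding cleaner is run against assumed per-category metacharacter sets, showing that it changes every character that matters for one category and leaves others untouched. The function name, category names and character sets are assumptions, not CodeScan's own list.

```python
import html

# Hypothetical custom string-cleaning function of the kind a project might
# register as a custom filter: it HTML-encodes its input and does nothing else.
def clean_for_html(value: str) -> str:
    return html.escape(value, quote=True)

# Assumed category names and the characters that matter in each output
# context. Illustrative only; these are not CodeScan's audit modules.
CATEGORY_METACHARS = {
    "cross-site scripting": "<>\"'&",
    "sql injection": "'\\;-",
    "command injection": ";|&`$()",
    "path traversal": "./\\",
}

def surviving_metachars(cleaner, metachars: str) -> str:
    """Return the metacharacters that the cleaner passes through unchanged."""
    return "".join(ch for ch in metachars if cleaner(ch) == ch)

def review(cleaner) -> dict:
    """Map each assumed category to the characters the cleaner leaves alone."""
    return {
        category: surviving_metachars(cleaner, chars)
        for category, chars in CATEGORY_METACHARS.items()
    }

if __name__ == "__main__":
    for category, left in review(clean_for_html).items():
        verdict = "all changed" if not left else f"unchanged: {left}"
        print(f"{category:22} {verdict}")
```

A category with an empty result is where a high Filter Score may be justified; any surviving character argues for a low score in that category. This character-level check is only a first look and does not replace reviewing the function against the context where its output is used.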
Scan

To initiate the scan, simply press the “Scan” button, marked as an orange target on the Toolbar and also available through the Project Explorer pane.

You will be presented with an “Audit Modules” dialog. Select which categories of vulnerability you wish to scan for. By default, all available categories are selected. When you are done, press “Scan”.
Scanning Complete


Once the scan is complete, you will be prompted to save your results. These will be saved within your CodeScan Project automatically. Press “Save” to begin working with your results.
