Incremental Scanning
Incremental scanning provides a way for you to find and audit the areas of your web application that change over time, while keeping all findings in a single scan. This involves performing incremental scans and merging these scans back into the baseline scan. For more information about incremental scans and baseline scans, see Reusing Scans.
Merging Baseline and Incremental Scans
You can merge the baseline scan and the incremental scan into a single scan. Then you can use the attack surface of the combined scans for future incremental scans.
After conducting an incremental scan, if you select the incremental scan and the baseline scan and then right-click, you will see a Merge option.
Important! You must click the baseline scan from which the incremental scan was derived to see the Merge option enabled.
When you click Merge, the incremental scan is merged into the baseline scan. The baseline scan now contains the union of the two scans. After merging, the resulting scan becomes the new baseline scan. You can repeat the incremental scan and merge cycle indefinitely to create a process for continuous or deferred auditing. For more information, see Incremental Scan with Continuous or Deferred Audit.
To merge scans:
1. In the Manage Scans page, select the baseline scan and the incremental scan.
2. Right-click and select Merge.
Log entries, including the baseline and incremental scan IDs, are written to the scan log when scans are merged.
Incremental Scan with Continuous or Deferred Audit
Incremental scanning provides the ability to perform continuous audit or deferred audit.
With incremental scanning, you can put in place a process for continuous audit. This process would be as follows:
1. Create a baseline scan.
2. When an incremental scan is needed:
   - Create an incremental audit scan from the baseline scan. During this scan, new surface is audited.
   - Merge the incremental scan with the baseline scan. The merged scan becomes the new baseline scan. For more information, see Merging Baseline and Incremental Scans.
   - Delete the incremental scan.
3. Return to Step 2.
With incremental scanning, you can put in place a process for deferred audit. This process would be as follows:
1. Create a baseline scan.
2. When a new incremental scan is needed:
   - Create an incremental crawl-only scan from the baseline scan.
   - Merge the incremental scan with the baseline scan. The merged scan becomes the new baseline scan. For more information, see Merging Baseline and Incremental Scans.
   - Delete the incremental scan.
3. If new attack surface is found, resume the baseline audit and audit the new surface.
4. Return to Step 2.
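The two processes above differ in what is left unaudited after each merge. The following conceptual model is an added example, not the product's code, API, or scan format: `Scan`, `incremental`, `merge`, the URL sets, and the log wording are all hypothetical, and it assumes an incremental scan records only surface the baseline lacks.

```python
# Conceptual model only: every name and data structure here is hypothetical.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Scan:
    scan_id: str
    crawled: set = field(default_factory=set)  # attack surface discovered
    audited: set = field(default_factory=set)  # surface already audited
    parent_id: Optional[str] = None            # baseline an incremental came from

def incremental(baseline, scan_id, site_now, audit):
    """Crawl the site as it is now; keep only surface the baseline lacks."""
    new = set(site_now) - baseline.crawled
    return Scan(scan_id, new, set(new) if audit else set(), baseline.scan_id)

def merge(baseline, inc, log):
    """Union the incremental scan into the baseline it was derived from."""
    if inc.parent_id != baseline.scan_id:
        raise ValueError("incremental scan was not derived from this baseline")
    baseline.crawled |= inc.crawled
    baseline.audited |= inc.audited
    log.append(f"merged incremental={inc.scan_id} into baseline={baseline.scan_id}")
    return baseline  # the merged scan is the new baseline

def pending_audit(baseline):
    """Surface that has been crawled but not yet audited."""
    return baseline.crawled - baseline.audited

def resume_audit(baseline):
    """Deferred audit: audit whatever the crawl-only merges left pending."""
    done = pending_audit(baseline)
    baseline.audited |= done
    return done

def run_demo():
    log = []
    base = Scan("base-1", {"/", "/login"}, {"/", "/login"})  # constructed data
    # Continuous audit: the incremental scan audits new surface as it finds it.
    merge(base, incremental(base, "inc-1", {"/", "/login", "/cart"}, True), log)
    after_continuous = pending_audit(base)
    # Deferred audit: crawl-only incremental, merge, then resume the baseline audit.
    site = {"/", "/login", "/cart", "/api/orders"}
    merge(base, incremental(base, "inc-2", site, False), log)
    after_deferred = pending_audit(base)
    audited_on_resume = resume_audit(base)
    return after_continuous, after_deferred, audited_on_resume, pending_audit(base), log

if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

In the deferred case the merged baseline carries unaudited surface until the audit is resumed, so that pending set is the thing to track between merges.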