Reusing Scans

Reusing a scan uses data from a previous scan to assist a new scan. Two scans are involved when conducting a reuse scan:

• The reuse scan is the new scan being conducted.

• The source or baseline scan is the scan from which data is used to reduce the work and time needed to complete a reuse scan.

Reuse Options

Four options for scan reuse are available:

• Reuse Incremental — find new attack surface. This scan performs a normal crawl and compares each session to the baseline scan. Only new sessions that did not exist in the baseline scan are audited. For more information, see Incremental Scanning.

• Reuse Remediation — look for vulnerabilities that were found in the baseline scan. This scan creates a policy that includes only those checks that flagged in the baseline scan, and audits the site again using this custom policy. Therefore, this scan looks at only the checks that flagged in the baseline scan.

Difference between Remediation Scans and Retest Vulnerability

Remediation scans apply a reduced policy that is derived directly from the flagged vulnerabilities in the baseline scan to all sessions in the remediation scan, rather than to just the sessions that were vulnerable in the baseline scan.

For example, a baseline scan found cross-site scripting (XSS) on session A but not session B. Subsequently, XSS was fixed on session A, but created on session B. Using the Retest Vulnerabilities option will not find the vulnerability on session B, but a remediation scan will find it. Therefore, a remediation scan will evaluate all of the known attack surface area for previously found vulnerabilities.

Guidelines for Reusing Scans

Follow these guidelines when reusing scans:

• The baseline scan must be available on the machine where the reuse scan is executed.

• The baseline scan does not need to be in the same database as the reuse scan.

Reusing a Scan

To reuse a scan:

1. Do one of the following:

   • From an open scan, click Rescan and select the reuse option you want from the drop-down menu.

   • On the Manage Scans page, right-click a scan, click Rescan, and then select the reuse option you want from the menu.

   • On the Manage Scans page, select a scan, click Rescan and select the reuse option you want from the drop-down menu.

   For information about the rescan options, see Reuse Options.

2. Using the Scan Wizard, you may optionally modify the settings that were used for the original scan.

   Tip: For incremental scans, it might be beneficial to change settings to discover new attack surface. However, changing settings is not recommended for remediation scans.

   Note: By default, the type of reuse scan you selected is prepended to the baseline scan name and a -1 is appended to the end.

3. On the last step of the Scan Wizard, click Scan.

See Also

Incremental Scanning

Retesting and Rescanning