Inconsistent Scan Findings

Are you seeing varied findings when scanning the same application?

Written by Anthony Stinn
Updated over a week ago

Consistency is key when scanning your application for vulnerabilities. Being able to scan your application efficiently and accurately each time gives you confidence in the results you get back. There are a few different reasons you could see inconsistencies in your scan findings. Read on to learn more!


We recommend taking the following into account when diagnosing inconsistent scan findings. But if you are still having trouble or have further questions, please get in touch with our Support Team!

Authentication

Having valid and functioning authentication in your HawkScan configuration allows your application to be scanned in its entirety. However, if the configured authentication is inaccurate or inconsistent, that will be reflected in the discovered vulnerabilities.

When configuring HawkScan's authentication for your app, you will need to define Authorization. Authorization ensures the scanner maintains a valid, logged-in session with your application, typically by passing tokens or cookies between your application and the scanner. If it is misconfigured, the scanner can become logged out of your application partway through the scan, which limits the number of discoverable paths and creates inconsistencies in the discovered vulnerabilities.

By ensuring that your Test Path and Logged-In/Logged-Out Indicators are accurate and functioning, you keep the scanner from getting logged out so it can continue scanning your app. These settings are in place to ensure that the scanner not only logs into your application but stays logged in throughout the scan.

Check out our guide on Authenticated Scanning here!


Application Performance

As mentioned at the top of this article, consistency is key! Not only with the scanner and its configuration, but also with your application. Ensuring that your application is running efficiently prevents inconsistencies in scan findings.

When HawkScan is spidering an application and running tests against it, latency or time-outs in the application's responses can lead the scanner to interpret them as a vulnerability. This is particularly true for time-based tests, which decide whether a test succeeded by how long the application takes to respond.

If application performance is inconsistent when responding to the scanner, running multiple scans across the same application will likely result in varied findings.
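To see why a slow or uneven application produces findings that come and go, it helps to look at what a time-based check actually compares. The script below is an added example, not StackHawk's or HawkScan's code: it uses constructed response times for one endpoint under stable and loaded conditions, an assumed 2 s expected delay, and an assumed jitter rule of thumb, and contrasts a single-request verdict with one based on the median of repeated measurements.

```python
from statistics import median

# Constructed response times in milliseconds for one endpoint, as measured by
# the scanner. None of these runs involved a delay caused by the application's
# own logic; the "loaded" runs are simply a busy app answering slowly and
# unevenly.
STABLE_BASELINE = [41, 39, 44, 40, 42, 43, 38, 41]
STABLE_PROBE = [42, 40, 45, 41, 43, 39, 44, 40]
LOADED_BASELINE = [41, 2200, 60, 1900, 52, 48, 2500, 45]
LOADED_PROBE = [2400, 55, 47, 2100, 50, 2300, 49, 2000]
# A genuinely delayed endpoint for comparison: every probe is about 2 s slower.
DELAYED_PROBE = [2090, 2095, 2100, 2105, 2110, 2115, 2120, 2125]

# Delay a time-based check expects the probe to add on top of the baseline
# (assumed figure for the example).
DELAY_MS = 2000


def naive_verdict(baseline_ms, probe_ms, delay_ms=DELAY_MS):
    """One baseline request and one probe request: 'slow' if the probe took at
    least delay_ms longer. Every millisecond of jitter lands in this result."""
    return probe_ms - baseline_ms >= delay_ms


def naive_verdicts(baseline, probe, delay_ms=DELAY_MS):
    """The verdict each repeated scan would reach if every scan took a single
    baseline/probe pair from the same endpoint."""
    return [naive_verdict(b, p, delay_ms) for b, p in zip(baseline, probe)]


def robust_verdict(baseline, probe, delay_ms=DELAY_MS):
    """Compare medians of repeated measurements so that a few slow responses
    on either side cannot decide the outcome on their own."""
    return median(probe) - median(baseline) >= delay_ms


def jitter_ms(samples):
    """Spread between the fastest and slowest response of a run."""
    return max(samples) - min(samples)


def latency_fit_for_timing_tests(samples, delay_ms=DELAY_MS):
    """Rule of thumb (assumed): jitter must stay under half the delay the
    time-based check looks for, or the check cannot tell delay from noise."""
    return jitter_ms(samples) < delay_ms / 2


if __name__ == "__main__":
    for label, base, probe in (
        ("stable app", STABLE_BASELINE, STABLE_PROBE),
        ("loaded app", LOADED_BASELINE, LOADED_PROBE),
        ("really delayed endpoint", STABLE_BASELINE, DELAYED_PROBE),
    ):
        print(f"{label}: per-scan single-request verdicts {naive_verdicts(base, probe)}")
        print(f"  median-based verdict: {robust_verdict(base, probe)}")
        print(f"  baseline jitter {jitter_ms(base)} ms, fit for timing tests: "
              f"{latency_fit_for_timing_tests(base)}")
```

On the loaded app two of the eight simulated scans flag the endpoint and six do not, which is exactly the "varied findings" pattern this article describes, while the median-based comparison stays negative for the loaded app and positive only for the endpoint that is really delayed. The jitter figure is the number worth watching in your own environment: when it approaches the delay a time-based test looks for, no scan can be expected to report that test consistently.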


Ajax Spider / Dynamic Applications

When scanning an application and observing varied vulnerability results, it is important to consider the discovered paths. If the number of paths found differs from one scan to the next, the vulnerabilities found will likely differ too.

Ajax Spider

The Ajax Spider is designed to discover paths in your application by observing the actions it takes on the back end. Through this, it builds a site tree of paths for tests to run against. This is opposed to the traditional Base Spider, which builds the site tree from the anchor tags defined in the application's HTML. Because the Ajax Spider builds this site tree dynamically by listening to the application's back end, the discovered paths can be less consistent, which in turn can cause varied scan results.

Dynamic Applications

As with the Ajax Spider above, having a particularly dynamic application can also cause varied scan results. If your application is constantly changing, the findable paths will differ from one scan to the next, causing varied results in the vulnerabilities found.
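The practical question for both the Ajax Spider and a dynamic application is the same: how much of the difference in findings is explained by the spider simply reaching different paths? The script below is an added example and not part of StackHawk's tooling; it takes two constructed scan results (discovered paths plus findings as name/path pairs), measures how similar the two crawls were, and sorts each finding that appears in only one scan into "explained by coverage" or "needs another explanation".

```python
# Constructed results from two scans of the same application. Each scan lists
# the paths its spider discovered and the findings it raised as
# (finding name, path) pairs. Finding names are illustrative only.
SCAN_1 = {
    "paths": {"/", "/login", "/account", "/account/settings", "/api/orders"},
    "findings": {
        ("X-Content-Type-Options Header Missing", "/"),
        ("SQL Injection", "/api/orders"),
        ("Cross Site Scripting (Reflected)", "/account/settings"),
    },
}
SCAN_2 = {
    "paths": {"/", "/login", "/account", "/api/orders", "/api/orders/export"},
    "findings": {
        ("X-Content-Type-Options Header Missing", "/"),
        ("Path Traversal", "/api/orders/export"),
    },
}


def coverage_overlap(scan_a, scan_b):
    """Jaccard similarity of the two discovered path sets (1.0 = identical crawl)."""
    a, b = scan_a["paths"], scan_b["paths"]
    return len(a & b) / len(a | b) if a | b else 1.0


def explain_finding_delta(scan_a, scan_b):
    """Split findings unique to one scan into those explained by crawl
    coverage (the path was only discovered in that scan) and those that are
    not (the path was crawled both times, so authentication, timing or the
    environment are the next things to check).

    Returns {"coverage": [...], "other": [...]} with entries of the form
    (which_scan, finding_name, path), sorted for stable comparison."""
    report = {"coverage": [], "other": []}
    pairs = (("scan_a_only", scan_a, scan_b), ("scan_b_only", scan_b, scan_a))
    for label, mine, theirs in pairs:
        uncovered = mine["paths"] - theirs["paths"]
        for name, path in mine["findings"] - theirs["findings"]:
            bucket = "coverage" if path in uncovered else "other"
            report[bucket].append((label, name, path))
    for bucket in report:
        report[bucket].sort()
    return report


if __name__ == "__main__":
    print(f"crawl overlap: {coverage_overlap(SCAN_1, SCAN_2):.2f}")
    report = explain_finding_delta(SCAN_1, SCAN_2)
    for bucket, entries in report.items():
        print(f"{bucket}:")
        for which, name, path in entries:
            print(f"  {which:12} {name} at {path}")
```

In the constructed data two of the three differing findings sit on paths that only one spider run reached, so they are a coverage problem to be solved by making the crawl repeatable (seeding paths, stabilising the app under test), not a scanner reliability problem. The remaining one is on a path both scans visited, which is the case the Authentication and Application Performance sections above cover.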


Environmental Limitations

While there are some specific causes of inconsistent scan findings, it is essential that you do not rule out environmental limitations in the place where your application and HawkScan are running.

Be on the lookout for things like network latency, WAFs, VPNs, and general resource constraints. If something within your environment is holding back or limiting the scanner, this can result in inconsistencies in the overall test results and the findings reported.
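Environmental interference usually leaves a trace in how the scanner's requests were answered: blocked responses from a WAF, time-outs behind a VPN, or 5xx errors from a starved backend. The script below is an added example and not StackHawk's code; it classifies constructed per-request records from two scans, computes how large a share of each scan's requests never got a normal answer, and flags when the two scans differ enough that the environment, rather than the application, is the first suspect. The time-out value, the WAF block-page signature and the 20% tolerance are all assumptions for the example.

```python
from collections import Counter

# Constructed per-request records from the scanner's point of view:
# (scan_id, path, status, elapsed_ms, body_snippet). A status of None means
# the request timed out before any response arrived.
RECORDS = [
    (1, "/api/orders", 200, 45, '{"orders": []}'),
    (1, "/api/orders?id=1", 200, 50, '{"orders": []}'),
    (1, "/search?q=test", 200, 48, "<ul></ul>"),
    (1, "/account", 200, 52, "<h1>Account</h1>"),
    (2, "/api/orders", 200, 900, '{"orders": []}'),
    (2, "/api/orders?id=1", 403, 12, "Request blocked by web application firewall"),
    (2, "/search?q=test", None, 30000, ""),
    (2, "/account", 502, 15, "Bad Gateway"),
]

TIMEOUT_MS = 30000        # scanner's request time-out, assumed for the example
BLOCK_SIGNATURE = "firewall"  # assumed text on a WAF block page; adjust to your WAF


def classify(record):
    """Map one request to the outcome the scanner's findings will depend on."""
    _, _, status, elapsed, body = record
    if status is None or elapsed >= TIMEOUT_MS:
        return "timeout"
    if status == 403 and BLOCK_SIGNATURE in body.lower():
        return "waf_block"
    if status >= 500:
        return "server_error"
    return "ok"


def outcomes_by_scan(records):
    """Count outcomes per scan id: {scan_id: Counter}."""
    out = {}
    for rec in records:
        out.setdefault(rec[0], Counter())[classify(rec)] += 1
    return out


def interference_rate(records, scan_id):
    """Share of a scan's requests that did not receive a normal answer."""
    counts = outcomes_by_scan(records).get(scan_id, Counter())
    total = sum(counts.values())
    return 0.0 if total == 0 else 1 - counts["ok"] / total


def environment_explains_delta(records, scan_a, scan_b, tolerance=0.2):
    """True when the two scans' interference rates differ by more than the
    tolerance (assumed threshold): the environment is then the first thing
    to investigate before comparing the findings themselves."""
    delta = interference_rate(records, scan_a) - interference_rate(records, scan_b)
    return abs(delta) > tolerance


if __name__ == "__main__":
    for scan_id, counts in sorted(outcomes_by_scan(RECORDS).items()):
        print(f"scan {scan_id}: {dict(counts)} "
              f"interference {interference_rate(RECORDS, scan_id):.0%}")
    print("environment explains the difference:",
          environment_explains_delta(RECORDS, 1, 2))
```

Scan 1 got a clean answer to every request while three of scan 2's four requests were blocked, timed out or failed at the backend, so any finding that appears in one scan but not the other should be read against that background before the application's security posture is questioned. The same per-request view also tells you which control is interfering (a WAF versus a time-out), which is the information the Support Team will ask for first.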


Additional Resources

If you still have issues diagnosing varied scan results, don't hesitate to contact our Support Team! We would be more than happy to take a deeper look and see what we can do to improve your results.

You can contact us by emailing support@stackhawk.com or by using the chat widget on our website!
