Web Security Audit

Help


Have a question that isn't answered here? Join the #app-wsra channel on Slack, or click here to go there directly.

Signing In

  1. Click the "Sign In" button in the header.
  2. You will be automatically redirected to a Microsoft sign-in page. Enter your Edgio email address and click "Next." On the following screen, enter your password and click "Next." If you have 2FA enabled, you will be prompted to complete that step.
  3. Once you are signed in, you will see your email address and a "Sign Out" button in the nav bar.

Starting a Scan

  1. To start a scan, first enter the root domain you wish to scan and click "Start Scan". NOTE: the WSRA app will strip out any subdomains entered into this field. Do not enter "https://" or any URL paths as they will be discarded.
  2. While the scan is progressing, you will see an animated notification on the button. You can leave the WSRA app at any time; the scan will continue in the background. You can also copy the URL of the site, e.g. "https://audit.edg.io/?domain=example.com", and send that link to someone else or open it in your own browser. Scan results will be available for one week before the domain needs to be rescanned.
  3. Once the scan is complete, the app will download the results and display them in tabular format.

Fetching Results

  1. To download results, click either the "Download CSV" button (which will download a CSV dump of the raw data) or the "Download Excel File" button (which will create a new .xlsx file and prompt you to download it).
  2. The exported sheet will contain the same information as the table. You may still need to provide formatting and create a chart.