Comparing different types of assessment

By default, XBOW runs a comprehensive assessment of your target. After fixing vulnerabilities, you can run a retest assessment to verify the fixes.

For information about the tests run, see Attack types.

Comprehensive application assessment

A comprehensive assessment performs a full security evaluation across your entire application, testing for all vulnerability types supported by XBOW.

This is the default assessment type and is used for initial Lightspeed assessments.

When to use:

  • First time testing an application with XBOW
  • Regular security assessments to identify all potential vulnerabilities
  • Compliance or audit requirements that need complete coverage
  • When you want to understand your overall security posture

What it tests:

  • All OWASP Top Ten vulnerability classes
  • Application-wide security controls
  • Authentication and authorization mechanisms
  • All accessible endpoints and functionality

Retest previous vulnerabilities

A retest assessment verifies whether previously identified vulnerabilities have been fixed or mitigated.

XBOW first attempts to reproduce the original exploit. If the original exploit is blocked, it applies alternative exploitation techniques to check whether the fix can be bypassed, so that a fix which only blocks the exact payload from the original finding does not pass as complete.
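The retest flow described above, as an added illustration that is not XBOW's own code: a constructed reflected-XSS search endpoint in three states (the unfixed original, a naive fix that blocks only the literal original payload, and a fix that applies output encoding). The retest replays the recorded payload and, only if that is blocked, tries alternative payloads. The handler names, payloads and the detection regex are assumptions made for this example.

```python
import html
import re

# Constructed example: a minimal "search" endpoint that reflects the query into
# HTML. The three handlers stand in for the application at successive retests.


def render_unfixed(query: str) -> str:
    # Original vulnerable behaviour: the query is reflected verbatim.
    return f"<p>Results for: {query}</p>"


def render_naive_fix(query: str) -> str:
    # A fix that only blocks the exact payload from the original finding.
    if "<script>" in query:
        return "<p>Blocked</p>"
    return f"<p>Results for: {query}</p>"


def render_proper_fix(query: str) -> str:
    # Context-appropriate output encoding for an HTML text node.
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


# The payload recorded with the original finding (assumed for the example).
ORIGINAL_PAYLOAD = "<script>alert(1)</script>"

# Constructed alternative payloads, tried only when the original is blocked.
BYPASS_VARIANTS = [
    "<SCRIPT>alert(1)</SCRIPT>",
    "<img src=x onerror=alert(1)>",
    "<svg/onload=alert(1)>",
]

# Unescaped script tag or inline event handler attribute in the response.
EXECUTABLE_MARKUP = re.compile(
    r"<\s*script\b|<\s*[a-z]+[^>]*[\s/]on[a-z]+\s*=", re.IGNORECASE
)


def is_exploitable(response: str) -> bool:
    """True if the response contains markup a browser would execute."""
    return EXECUTABLE_MARKUP.search(response) is not None


def retest(handler) -> dict:
    """Replay the original exploit; if it is blocked, try alternative payloads.

    Returns one of:
      not_fixed  - the original exploit still works
      bypassed   - the original is blocked but a variant still works
      fixed      - neither the original nor any variant works
    """
    if is_exploitable(handler(ORIGINAL_PAYLOAD)):
        return {"status": "not_fixed", "payload": ORIGINAL_PAYLOAD}
    for variant in BYPASS_VARIANTS:
        if is_exploitable(handler(variant)):
            return {"status": "bypassed", "payload": variant}
    return {"status": "fixed", "payload": None}


if __name__ == "__main__":
    for name, handler in [
        ("unfixed", render_unfixed),
        ("naive fix", render_naive_fix),
        ("proper fix", render_proper_fix),
    ]:
        print(f"{name:10s} -> {retest(handler)}")
```

The naive fix passes the replay of the original payload but is reported as bypassed by the first case variant, which is the distinction a retest has to surface before a finding is closed.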

When to use:

  • After fixing or mitigating vulnerabilities from a previous XBOW assessment
  • To verify that security patches are effective
  • When you need evidence that vulnerabilities are fixed
  • Before deploying fixes to production

What it tests:

  • Previously identified vulnerabilities using the original exploits
  • Potential bypasses of implemented fixes
  • Alternative exploitation techniques if the original exploit fails

Note: Retests do not test vulnerabilities that are already marked as “Fixed” or “Intended”.