How-to guides

Step-by-step guides for common tasks in XBOW Console.

Articles in this section

  • Define an assessment type
    • Enterprise only

    Choose between a comprehensive XBOW application assessment and a vulnerability retest. Step-by-step guide for Enterprise users.

  • Configure test account credentials for XBOW penetration testing. Supported methods include username/password, magic links, MFA with TOTP, and bearer tokens.

  • Upload source code and documentation to guide XBOW testing. Enterprise users can also configure detailed assessment guidance.

  • Configure your firewall and WAF to allow XBOW penetration testing. Learn about IP allowlisting, custom headers, and WAF bypass options.

  • Align the test execution parameters with your server and security team requirements.

  • Troubleshoot XBOW configuration check issues including target validation, credential verification, and scope discovery problems.

  • Start your XBOW security assessment after configuring scope and reviewing test parameters.

  • Explore XBOW security findings and vulnerability classifications, and remediate the most severe vulnerabilities.

  • Set up canary tokens in your application to give XBOW verifiable attack targets for business logic flaws, SQL injection, local file read, and remote code execution.