Reference

Technical reference documentation for XBOW Console.

Articles in this section

• Access requirements

  IP addresses and hostnames used by XBOW for penetration testing. Configure your firewall to allow XBOW access.

• Artifacts supported to guide testing

  Reference for XBOW artifact uploads: supported file formats for source code, and for Attack surface, Priorities, and Attack strategy cards.

• Attack types

  Reference list of XBOW attack types, including specific vulnerability categories such as SQL injection, XSS, SSRF, and RCE, plus common security checks.

• Authentication methods

  Methods supported for XBOW to authenticate to access a target and assess it.

• Blocked URLs

  Configure which endpoints XBOW can attack, access for authentication only, or block entirely during penetration testing.

• Scope configuration

  Configure domain scope rules for XBOW penetration testing. Learn about attackable, allow, and blocked domain settings.

• Target types

  Web applications supported for XBOW penetration testing, including requirements and compatibility considerations.

• Vulnerability classification

  Vulnerabilities detected by XBOW grouped by Common Weakness Enumeration (CWE) classification.