Reference
Technical reference documentation for XBOW Console.
Articles in this section
-
IP addresses and hostnames used by XBOW for penetration testing. Configure your firewall to allow XBOW access.
-
Reference for XBOW artifact uploads: supported file formats for source code, and for Attack surface, Priorities, and Attack strategy cards.
-
Reference list of XBOW attack types, including specific vulnerability categories such as SQL injection, XSS, SSRF, and RCE, plus common security checks.
- Audit log events
- Enterprise only
Reference for events recorded in the XBOW Console audit log, including user actions, configuration changes, and security-relevant activity.
-
Methods supported for XBOW to authenticate to access a target and assess it.
-
Configure which endpoints XBOW can attack, access for authentication only, or block entirely during penetration testing.
- Data residency
- Enterprise only
- Private preview
Store and process data for your XBOW security assessment in your chosen region. Available regions, data scope, and regional endpoints.
- Scope configuration
- Enterprise only
Configure domain scope rules for XBOW penetration testing. Learn about attackable, allow, and blocked domain settings.
-
Web applications supported for XBOW penetration testing, including requirements and compatibility considerations.
-
Roles available in XBOW with details of the permissions each role grants to organization members.
-
Vulnerabilities detected by XBOW grouped by Common Weakness Enumeration (CWE) classification.
- Webhook events
- Enterprise only
Reference for XBOW Console webhook subscriptions, including available event types, payload formats, and configuration options for automated notifications.