
What are Licensing Suggestions?

Licensing suggestions determine the appropriate level of testing required by a web application based on metadata.

What License should be Applied to a Web Application?

The depth of testing a web application requires is not always apparent, which can make it difficult to decide which licenses should be applied. Organizations also need to balance budgetary constraints while ensuring that risk in their web applications is accurately quantified. This raises the question: does a given web application require a penetration test, or would a vulnerability assessment be sufficient?

How Licensing Suggestions Works

The licensing suggestions feature in the Edgescan platform determines what licenses should be applied based on the functionality of a web application. Once an application is crawled and scoped by Edgescan’s operations team, licensing suggestions are generated and added into the assets tab in the platform, where they are available in the highlighted location below. They provide recommendations, based on our experience, on how testing may be improved.

Licensing Suggestions Factors for Consideration

There are at least nine factors that influence licensing suggestions. These include but are not limited to:

  • Size and complexity of a web application- Application size gauges the potential effort that would be required to test all functionalities. The number of functions generally correlates
    • Small applications- Single Page Applications with 1-2 functions
    • Medium applications- Applications with 2-6 functions
    • Large applications- Applications with 8 or more functions
  • API capabilities- Edgescan looks for the presence of API endpoints on a piece of scoped technology. When an API is discovered, manual testing is required to ensure adequate depth of testing.
  • Shopping cart function- If an application has shopping cart functionality, a manual business logic assessment is required.
  • File upload function- When an application has file upload functionality, automated testing will not be sufficient.
  • Self-registration- If a web application has the ability to self-register credentials, it’s assumed that an attacker could access a privileged part of a site. Manual testing is required to ensure robust controls around data access.
  • Authentication- If a web application requires authentication to access functionality, we will always recommend testing with credentials.
  • Personally Identifiable Information (PII)- If Edgescan determines that a user can add or edit personally identifiable information on a web application, especially if that functionality is not behind authentication, manual testing is required.
  • Scan workflow- A qualified Edgescan Pen Tester will determine whether there are logic steps in the workflow that prevent Edgescan’s crawling engine from finding all of the endpoints in scope without manual intervention. If manual intervention is required, it is considered a complicated scan workflow and manual testing is required to ensure comprehensive testing.
  • Human intervention- Any other factors that are not captured by the above will be taken into consideration by Edgescan’s expert penetration testers to determine any additional licensing suggestions.