Lightspeed quick start
This quick start guide walks you through setting up and running your first XBOW Lightspeed assessment.
You’ll get an email when your results are ready. To review them, see Explore and fix XBOW results.
Get started
- Choose a target to test.
- Sign up through the XBOW company site or a partner.
- Our team will contact you to discuss your assessment.
Define your assessment configuration
After receiving the welcome email, you’re ready to configure your assessment.
- Log in to XBOW Console, https://console.xbow.com, to view the “Target configuration” page.
- Using the “Credentials” area, define how XBOW can access your target for testing.
- Choose your authentication method:
  - If the target does not require authentication to test, enable I want to perform an unauthenticated test.
  - Otherwise, define how XBOW can authenticate using a test account. For detailed information, see Define authentication for testing.
- Optional. Upload source code and documentation to give XBOW more information about your target. This information makes testing more effective. For more information, see Guiding XBOW testing.
Confirm XBOW can access your target
After defining how XBOW should authenticate with your target, you need to make sure that your server will accept test requests from XBOW. For more information, see Configure your server to allow XBOW requests.
- At the bottom of the page, read the confirmation section carefully.
- Check that your firewall is configured to allow XBOW test requests, then select the WAF confirmation checkbox.
- Check that CAPTCHA is disabled for the test account, then select the CAPTCHA confirmation checkbox.
- Click Start checks to validate your configuration. Alternatively, Save your configuration.
Check and finalize your configuration
When you start checks, XBOW explores the configuration and verifies that it can:
- Access the target
- Authenticate with it if credentials are included
- Find at least one domain to attack
All discoveries are reported on the “Configuration check” page, with warnings or errors for problems.
- You must fix any errors before you can request a quote for the assessment. For more information, see Fix configuration check problems.
- You should also review any warnings to ensure that the assessment will meet your needs.
- Optional. Expand the “Blocked URLs” section and specify any URLs that should not be tested. For more information, see Blocked URLs.
Align the execution options with your site’s needs
The “Execution options” section gives you control over when tests run, the rate at which test requests are sent to your site, and whether to allow multiple concurrent sessions.
The default settings allow XBOW to run tests at maximum speed and concurrency. However, you should review the settings and change them to match the capabilities of your site. For example:
- Keeping Unlimited requests/second could overload your site, or the test user might exceed rate limits and be blocked. Check what your site supports.
- If concurrent sessions for the same user are not supported, under “Sequential mode” check Enable.
For more information about these settings, see Configure your server to allow XBOW requests.
Request a quote
When you are confident that your configuration is correct, click Request a quote. The “Run assessment” page is shown with an “Assessment pending” header.
What happens next?
After you have accepted the quote, your assessment will start. XBOW reports findings on the “Run assessment” page as they are detected.
Note: The progress bar will stop at 90% when the AI agents complete their assessment.
The assessment moves to completed only after a human pentester has verified the findings. You will receive an email when the results and report are ready.