How-to guides

Step-by-step guides for common tasks in XBOW Console.

Articles in this section

• Define an assessment type (Enterprise users)

  Select the right XBOW assessment type for your security testing needs. Choose comprehensive, targeted, or retest assessments.

• Define authentication for testing

  Configure test account credentials for XBOW penetration testing. Supported methods include username/password, magic links, MFA with TOTP, and bearer tokens.

• Provide XBOW with context to guide testing

  Upload source code, documentation, and configuration files to provide XBOW with context that improves testing accuracy and findings.

• Configure your server to allow XBOW requests

  Configure your firewall and WAF to allow XBOW penetration testing. Learn about IP allowlisting, custom headers, and WAF bypass options.

• Set test execution options

  Align the test execution parameters with your server and security team requirements.

• Fix configuration check problems

  Troubleshoot XBOW configuration check issues including target validation, credential verification, and scope discovery problems.

• Run assessment

  Start your XBOW security assessment after configuring scope and reviewing test parameters.

• Explore and fix XBOW results

  Explore XBOW security findings, vulnerability classifications, and remediate the most severe vulnerabilities.