Fix configuration check problems

Before beginning a security assessment, XBOW runs a configuration check to validate that your environment is ready for testing. This preflight phase reduces the risk of incomplete or inaccurate results.

Tip: The “Configuration check” page displays specific error messages for each failed check. Review these messages carefully as they often indicate the exact problem you need to fix.

For details about the configuration check process, see Checking configurations before assessment.

Target is unreachable

If XBOW cannot reach your target:

  1. Verify the target URL is correct on the “Target configuration” page and that your application is accessible at that URL.
  2. Confirm that you have configured firewall access for XBOW. See Configure your server to allow XBOW requests.
  3. Verify your application is running and responding to requests.
  4. Ensure DNS is resolving correctly.

Authentication is unsuccessful

If XBOW cannot authenticate:

  1. Verify credentials are correct by testing them manually.
  2. If your site uses multi-factor authentication, verify that MFA is correctly configured for XBOW. See Define authentication for testing.
  3. If your site uses CAPTCHA, ensure that it is disabled for the test account.
  4. Verify the account is not locked or disabled.
  5. If you provided specific authentication instructions on the “Target configuration” page, check that they are correct.

Limited scope discovery

If XBOW discovers limited scope:

  1. Verify the test account has sufficient permissions to access all areas of the application you intend to test.
  2. Check that the application is fully functional.
  3. Review authentication flow to ensure it completes successfully.
  4. Manually navigate the application with the test account to verify it can access all intended functionality. If components are missing, check account permissions and application configuration.

If scope discovery remains limited after following these steps, see Review domain scope.

Retry checks

When you have fixed any problems reported on the “Configuration check” page, click Retry checks to validate the fixes.

Next step