Automated Scanning is the quickest way to discover vulnerabilities in your web apps. Using it is as easy as adding new domains, and those will be scanned automatically. Even more relevant, Recurrent Scanning is activated by default, so your domains will be scanned once every 7 days.

To add a new domain, go to Automated Scans on the navbar on the left and click on the "Add New" button on the top right. A pop-up will appear on your screen, where you can write the domain or subdomain you want to test.

Once your domain is correctly written, the next step will be to verify its ownership. This is an important security measure to ensure the domains you need to test are in fact yours. We won't let, for example, Coca-Cola scan any Pepsi domains.

If the domain you are trying to verify is the same one that you are using to log in to Strike, it will be validated automatically.

If it's not, then the verification consists of adding a txt in your DNS record. The txt will be provided by Strike. Once you add it, it will take some time to verify. It usually takes between 5-10 minutes, but sometimes it can take an hour max. If your domain is not verified after that time, please ask your customer success manager to do a manual verification.

Domain authentication is optional for those who need credentials to access a specific part of the web app that needs to be tested. Further information about domain authentication will be provided in a future article. If you need help, don't hesitate to contact us