How are scan categories defined and used?

In S4E, every scan is assigned to a specific category that reflects the type of risk it targets. These categories help organize scans and allow you to control what is checked during Full or Continuous scans.

The available scan categories include:

  • DNS Controls – Checks for DNS configuration issues and record mismanagement
  • SSL Controls – Detects expired, weak, or misconfigured SSL/TLS certificates
  • Misconfiguration – Flags insecure or incorrect settings in services and frameworks
  • Network Vulnerabilities – Scans for exposed ports, weak protocols, and common network issues
  • Web Vulnerabilities – Detects common web flaws like SQLi, XSS, or insecure endpoints
  • Information Scans – Identifies publicly exposed or sensitive metadata
  • Product-Based Web Vulnerabilities – Targets CVEs specific to web technologies (e.g., CMS flaws)
  • Product-Based Network Vulnerabilities – Scans for known issues in infrastructure products

  • Exposed Panels – Detects admin panels, dashboards, or sensitive interfaces left open


When setting up a scan, you can choose to enable or disable any of these categories. This allows you to tailor the scan to your specific security goals — whether you want broad coverage or a focused assessment on a particular risk type.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us