Environment Profile

The per-host fingerprint that lets WASViking analyzers adapt to your stack instead of firing a static catalog.

The Environment Profile is a per-host fingerprint WASViking® captures on every scan. It is the reason analyzers can adapt payloads to the detected stack and produce findings that survive engineering review.

What it captures

A profile records, per host:

Stack: Spring Boot 2.x, Django 4.2, ASP.NET 6, Express 4.
Protocols: REST, OpenAPI 3.x, GraphQL, SOAP 1.1/1.2, WebSocket, gRPC.
Defenses: Cloudflare WAF, AWS WAF, ModSecurity, rate limiting, bot management.
Auth surface: form login present, OIDC issuer, JWT verify endpoint, Bearer support.
Frontend: SPA flag (Next.js, React, Vue), SSR markers, hydration patterns.
Headers: CSP class (strict, report-only, none), HSTS, COOP/COEP, Referrer-Policy.
TLS: protocol version, cipher class, certificate chain quality.
Signals: Server header, X-Powered-By, generator meta, response timing.

How analyzers consume it

The profile is shared with every analyzer running in the same scan, so they all read from the same source of truth. Six analyzers calibrate against the profile:

SQL Injection: DBMS fingerprint drives payload variant selection.
Cross-Site Scripting (XSS): SPA detection switches to headless browser execution.
Injection class: defenses inform payload class selection (e.g., suppress noisy SSRF where egress filtering is detected).
JWT and token security: JWKS placement determines kid-confusion attempts.
Sensitive file and path exposure: server stack drives the positive-fingerprint set.
Security headers: profile drives severity calibration.
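To make the two ideas above concrete (what a profile captures, and how the security-headers analyzer calibrates severity against it), here is an added illustration in Python. It is not WASViking code: the profile fields, the "permissive" CSP class beyond the strict/report-only/none classes named above, the header-to-signal rules and the severity values are all assumptions, and the response headers are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample response headers; not captured from any real host.
SAMPLE_HEADERS = {
    "Server": "cloudflare",
    "X-Powered-By": "Express",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy-Report-Only": "default-src 'self'",
}

@dataclass
class EnvironmentProfile:
    stack: set = field(default_factory=set)     # e.g. {"Express"}
    defenses: set = field(default_factory=set)  # e.g. {"Cloudflare WAF"}
    csp_class: str = "none"   # strict | permissive (assumed class) | report-only | none
    hsts: bool = False
    coop_coep: bool = False

def classify_csp(h):
    """CSP class from lower-cased header names; 'permissive' = enforced but allows inline."""
    enforced = h.get("content-security-policy", "").lower()
    if enforced:
        nonce_or_hash = any(m in enforced for m in ("'nonce-", "'sha256-", "'strict-dynamic'"))
        return "strict" if nonce_or_hash and "'unsafe-inline'" not in enforced else "permissive"
    return "report-only" if "content-security-policy-report-only" in h else "none"

def build_profile(raw_headers):
    """Derive the profile from one response's headers (names are case-insensitive)."""
    h = {k.lower(): v for k, v in raw_headers.items()}
    p = EnvironmentProfile(csp_class=classify_csp(h))
    if "x-powered-by" in h:                      # e.g. "Express" or "PHP/8.2"
        p.stack.add(h["x-powered-by"].split("/")[0])
    if h.get("server", "").lower() == "cloudflare" or "cf-ray" in h:
        p.defenses.add("Cloudflare WAF")
    p.hsts = "strict-transport-security" in h
    p.coop_coep = all(k in h for k in ("cross-origin-opener-policy", "cross-origin-embedder-policy"))
    return p

def calibrate_header_findings(p):
    """Security-headers analyzer: severity follows what the profile says is in place."""
    findings = []
    if p.csp_class == "none":
        findings.append(("csp-missing", "high"))
    elif p.csp_class in ("report-only", "permissive"):
        findings.append(("csp-not-enforced", "medium"))  # present but not blocking
    if not p.hsts:
        findings.append(("hsts-missing", "medium"))
    if not p.coop_coep:
        findings.append(("coop-coep-missing", "low"))
    return findings
```

Running `calibrate_header_findings(build_profile(SAMPLE_HEADERS))` reports the report-only CSP as "not enforced" rather than "missing", which is the kind of distinction a static header checklist cannot make.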

Why this matters

Static-payload scanners produce noise because they cannot tell a Postgres endpoint from a SQLite endpoint, an SPA from a server-rendered app, or a WAF-fronted endpoint from a bare one. Calibrated payloads reduce false positives without reducing coverage.

A second-order benefit: the profile is itself a discovery artifact you can read in the portal. "Host runs Spring Boot 2.x with a JWT-protected REST API, HSTS on, no CSP, has an admin login form" is more useful than "host returned 200 OK".

Persistence

The profile is stored per scan. The portal surfaces it under the scan detail page so the team can see what the engine saw.

How coverage grows

Every signal the profile records is consumed by at least one analyzer. New fingerprint signals are added only when an analyzer adapts to them, so the profile stays a working input to detection rather than a descriptive sidebar.