For our invasive scanners, you need to confirm that you have access to the application by uploading a text file to the root directory of the URL.

This section applies only if you chose the “Full Scan” scope during the setup process.

[Screenshot: Crashtest Security Suite Projects]

Before starting our scanners, you first need to verify that the application belongs to you by uploading a text file to the root directory of the URL.

You will see the lock if you need to verify the project. Otherwise, you will see the start scan.

[Screenshot: Crashtest Security Suite Unverified Project]

This is necessary to validate that you have access rights to the domain and are legally allowed to perform security scans.

How to Verify

There are three possible ways to verify a project:

  1. File Upload
  2. API Endpoints
  3. Manual Verification (only in the professional package)

[Screenshot: Crashtest Security Suite Verify A Project]

File Upload

To verify a project via file upload, you need to download the verification file (a .html file). This file contains a unique and secure hash. Upload the file so that it is available under the root directory of the URL you entered when creating the project. Your specific path is displayed in your project settings (see screenshot below).

After you have uploaded this file, you can initiate the verification. Afterward, your project is ready to scan.

[Screenshot: Crashtest Security Suite Verification via File Upload]
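
A pre-flight check you can run before initiating the verification, as an added example (not Crashtest Security's own code): it requests the uploaded file and confirms that it is served directly, without a redirect or login prompt, and that the hash is in the response body. The function name, the verification URL and the hash value are assumptions; take the real URL from your project settings and the hash from the file you downloaded.

```python
import base64
import urllib.error
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError on 3xx instead of following it,
    # so a redirect to a login or error page is reported rather than hidden.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def check_verification_file(verification_url, expected_hash,
                            username=None, password=None, timeout=10):
    """Return (ok, reason) for the uploaded verification file.

    verification_url: full URL of the file as shown in the project settings (assumed).
    expected_hash:    hash string contained in the downloaded verification file.
    username/password: HTTP Basic Authentication credentials, if the site uses them.
    """
    request = urllib.request.Request(verification_url, method="GET")
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        request.add_header("Authorization", f"Basic {token}")
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(request, timeout=timeout) as response:
            body = response.read(65536).decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        if err.code == 401:
            return False, "401: site requires Basic Authentication credentials"
        if 300 <= err.code < 400:
            return False, f"{err.code}: redirected to {err.headers.get('Location')}"
        return False, f"{err.code}: file is not served at {verification_url}"
    except urllib.error.URLError as err:
        return False, f"unreachable: {err.reason}"
    # Some applications answer 200 with a custom "not found" page, so the
    # status code alone is not enough: the hash must be in the body.
    if expected_hash not in body:
        return False, "200 but hash missing (custom error page or wrong file?)"
    return True, f"ok: {verification_url}"
```

A `False` result with a 3xx or "hash missing" reason usually means the file landed in a subdirectory or the application routes unknown paths to its own page.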

API Endpoints

To verify using API endpoints, update your API to include any of the following GET statements (replace “” with your API domain and “XXXXX” with the specific value that you can retrieve from the software).


Any of the API endpoints listed above should return the project verification hash, which you can copy into the software.

Manual Verification

Get in touch with our customer support if the automatic verification options are not possible for you. We will help you to verify your project.

If your project is protected by HTTP Basic Authentication (htaccess protection), you need to configure the username and password in the project settings before verifying the project.

