This section only applies when you chose the "Full Scan"-Scope during the setup process.
Before starting our scanners, you need to first verify that the application belongs to you - by uploading a text file to the root directory of the URL.
You will see the lock if you need to verify the project. Otherwise you will see the start scan button on the bottom of the picture.
This is necessary to validate that you have access rights to the domain and are legally allowed to perform pentests.
To verify a project, you need to download the verification file (it is an .html file). This file contains a unique and secure hash. Upload the file so that it is available under the root directory of the URL you entered when creating the project. Your specific path is displayed in your project setting (see screenshot above).
After you have uploaded this file, you can initiate the verification. Afterwards your project is ready to scan.
If your project is protected by HTTP Basic Authentication (htaccess protection), you need to configure the username and password in the project settings before trying to verify the project.