How do I create a web application?

Before you can start your first WAS scan, you need to add a web application to scan. There are two ways to add a web application in Security Center. The first way, which involves the WAS catalog, is described here: http://support.holmsecurity.com/hc/en-us/articles/115001019829

For the second way, please follow these instructions:

  1. Log in to Security Center.
  2. Click Asset Manager, then go to Web applications.
  3. Click +Add web application.
  4. Under the headline General Information enter the following:
    • Web application: the URL of the web application that will act as the starting point for all your WAS scans. Example URLs:
      • http://www.example.com
      • https://www.example.com
      • http://www.example.com/subfolder
      • http://www.example.com/subfolder/page.html
      • https://www.example.com:7443
      • http://123.123.123.123
    • Application name: the name of the web application.
    • Business impact: the importance of the web application.
    • Owner: the owner of the web application.
  5. Under the headline Application details enter the following:
  6. Under the headline Scan settings enter the following:
    • Scan profile: select the scan profile for the schedule.
    • Scanner appliance: select External for external scanning of your web application from Holm Security VMP cloud platform, or select an installed scanner appliance for local scanning.
    • Crawl all links and directories found in robots.txt, if present: check to enable. Note that all URLs found will be scanned even if they are set to "Disallow".
    • Crawl all links and directories found in sitemap.xml, if present: check to enable.
    • Headers and cookies: add headers to inject into the Holm Security WAS scanner. This setting is used, for example, if you want to impersonate a particular web browser.
  7. Under the headline Authentication enter the following:
  8. Under the headline Crawl exclusion list enter the following:
    • Under the headline Whitelist enter the following:
      • URLs: check to enable. Whitelisting a URL will override blacklisted URLs. If you define a whitelist and don't add any URLs to your blacklist, all URLs except those in the whitelist will be considered blacklisted and therefore not scanned.
      • URL: enter URLs you want to whitelist.
      • Regular expressions: check to enable. Whitelisting a regular expression will override blacklisted regular expressions. If you define a whitelist and don't add any regular expressions to your blacklist, all regular expressions except those in the whitelist will be considered blacklisted and therefore not scanned.
      • Regular expressions: enter regular expressions you want to whitelist.
    • Under the headline Blacklist enter the following:
      • URLs: check to enable. Blacklisted URLs will not be scanned by Holm Security WAS scanner.
      • URL: enter URLs you want to blacklist.
      • URL Extensions: enabled by default, you can choose to disable this if wanted.
      • URL Extension: some extensions that can cause the scan to take longer are already added to the blacklist. You can add more by typing in the extension and pressing Enter, or remove extensions by clicking the "x" next to the extension. Blacklisted extensions will not be scanned by Holm Security WAS scanner.
      • Regular expressions: check to enable, blacklisted regular expressions will not be scanned by Holm Security WAS scanner.
      • Regular expressions: enter regular expressions you want to blacklist.
  9. Done!
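
The robots.txt option in step 6 and the whitelist/blacklist rules in step 8 interact, so it helps to preview which "Disallow" paths a scan would reach before saving the settings. The Python below is an added example, not Holm Security code: it models the rules as worded on this page and assumes that URL entries match as prefixes, that regular expressions match anywhere in the URL, and that the exclusion lists apply to URLs taken from robots.txt. Function names and sample data are constructed for illustration, and URL extensions are left out.

```python
import re
from urllib.parse import urljoin

def robots_disallowed(base_url, robots_txt):
    """Absolute URLs for every non-empty Disallow path in a robots.txt body."""
    urls = []
    for line in robots_txt.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            urls.append(urljoin(base_url, value.strip()))
    return urls

def scope_decision(url, wl_urls=(), bl_urls=(), wl_regex=(), bl_regex=()):
    """Return (scanned, reason) under the whitelist/blacklist rules on this page.
    Assumed matching: URL entries are prefixes, regexes match anywhere (re.search)."""
    def hit(prefixes, patterns):
        return (any(url.startswith(p) for p in prefixes)
                or any(re.search(p, url) for p in patterns))
    if hit(wl_urls, wl_regex):
        return True, "whitelisted (overrides blacklist)"
    if hit(bl_urls, bl_regex):
        return False, "blacklisted"
    if (wl_urls and not bl_urls) or (wl_regex and not bl_regex):
        return False, "outside whitelist while blacklist is empty"
    return True, "no exclusion rule matched"

def preview(base_url, robots_txt, **lists):
    """Scope decision for each URL the robots.txt crawl option would add."""
    return {u: scope_decision(u, **lists)
            for u in robots_disallowed(base_url, robots_txt)}

# Constructed sample data, not taken from a real site.
BASE = "https://www.example.com"
ROBOTS = """User-agent: *
Disallow: /admin/
Disallow: /account/delete
Disallow:
Allow: /public/
"""

if __name__ == "__main__":
    for url, (scanned, why) in preview(BASE, ROBOTS, bl_regex=[r"/delete$"]).items():
        print("SCAN" if scanned else "SKIP", url, "-", why)
```

Any URL reported as SCAN that performs a state-changing action is a candidate for the blacklist before the first scan runs.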