How do I create a web application?

Before you can start your first WAS scan, you need to add a web application to scan. There are two ways to add a web application in Security Center. The first way, which uses the WAS catalog, is described here: http://support.holmsecurity.com/hc/en-us/articles/115001019829

For the second way please follow these instructions:

  1. Log in to Security Center.
  2. Click Scan web app, then go to Web applications.
  3. Click +Add web application.
  4. Under the headline Asset details enter the following:
    • Target: the URL of the web application that will act as the starting point for all your WAS scans. Example URLs:
      • http://www.yourbusiness.com
      • https://www.yourbusiness.com
      • http://www.yourbusiness.com/subfolder
      • http://www.yourbusiness.com/subfolder/page.html
      • https://www.yourbusiness.com:7443
      • http://123.123.123.123
    • Owner: the owner of the web application.
    • Application name: the name of the web application.
  5. Under the headline Application details enter the following:
  6. Under the headline Scan settings enter the following:
    • Scan profile: select the scan profile for the schedule.
    • Scanner appliance: select External for external scanning of your web application from Holm Security VMP cloud platform, or select an installed scanner appliance for local scanning.
    • Crawl all links and directories found in robots.txt, if present: check to enable. Note that all URLs found will be scanned even if they are set to "Disallow".
    • Crawl all links and directories found in sitemap.xml, if present: check to enable.
    • Headers: add headers for the Holm Security WAS scanner to inject into its requests. This setting is used, for example, if you want to impersonate a particular web browser.
  7. Under the headline Authentication enter the following:
    • Authentication information: choose either a new authentication record or an existing one. If you choose an existing authentication record, you can also edit it.
    • Authentication record name: the name of the authentication record.
    • Username: enter the username used to log in to the web application that is authenticated with the server authentication record.
    • Password: enter the password used to log in to the web application that is authenticated with the server authentication record.
  8. Under the headline Crawl exclusion list enter the following:
    • Under the headline Whitelist enter the following:
      • URLs: check to enable. Whitelisted URLs override blacklisted URLs. If you define a whitelist and don't add any URLs to your blacklist, all URLs except those in the whitelist will be considered blacklisted and therefore not scanned.
      • URL: enter URLs you want to whitelist.
      • Regular expressions: check to enable. Whitelisted regular expressions override blacklisted regular expressions. If you define a whitelist and don't add any regular expressions to your blacklist, all regular expressions except those in the whitelist will be considered blacklisted and therefore not scanned.
      • Regular expressions: enter regular expressions you want to whitelist.
    • Under the headline Blacklist enter the following:
      • URLs: check to enable. Blacklisted URLs will not be scanned by the Holm Security WAS scanner.
      • URL: enter URLs you want to blacklist.
      • Regular expressions: check to enable. Blacklisted regular expressions will not be scanned by the Holm Security WAS scanner.
      • Regular expressions: enter regular expressions you want to blacklist.
  9. Done!
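
To preview how the robots.txt option in step 6 interacts with the crawl exclusion lists in step 8 before you start a scan, the following added example (not Holm Security code) models the rules as described above. It assumes URL entries match exactly, regular expressions match anywhere in the URL, and a URL matching neither list is scanned when both lists have entries; `in_scope`, `robots_disallowed` and `preview` are hypothetical names, and the robots.txt sample is constructed.

```python
import re
from urllib.parse import urljoin

def in_scope(url, wl_urls=(), wl_res=(), bl_urls=(), bl_res=()):
    """Return (scanned, reason) for one URL under the exclusion rules in step 8."""
    def hit(urls, patterns):
        # Assumption: URL entries match exactly, regexes match anywhere in the URL.
        return url in urls or any(re.search(p, url) for p in patterns)
    has_wl = bool(wl_urls or wl_res)
    has_bl = bool(bl_urls or bl_res)
    if hit(wl_urls, wl_res):
        return True, "whitelisted (overrides blacklist)"
    if hit(bl_urls, bl_res):
        return False, "blacklisted"
    if has_wl and not has_bl:
        return False, "whitelist defined, blacklist empty: treated as blacklisted"
    # Assumption: a URL matching neither list is scanned in every other case.
    return True, "not excluded"

def robots_disallowed(target, robots_txt):
    """Absolute URLs for every non-empty Disallow path in a robots.txt body."""
    urls = []
    for line in robots_txt.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            urls.append(urljoin(target, value.strip()))
    return urls

# Constructed sample input: a target from step 4 and a made-up robots.txt.
TARGET = "https://www.yourbusiness.com"
ROBOTS = """User-agent: *
Disallow: /admin/
Disallow: /cart/checkout
Disallow:
Allow: /
"""

def preview(bl_res):
    """Map each Disallow URL to True (would be scanned) or False (skipped)."""
    return {u: in_scope(u, bl_res=bl_res)[0]
            for u in robots_disallowed(TARGET, ROBOTS)}

if __name__ == "__main__":
    # With the robots.txt option enabled, only blacklisted paths are skipped.
    for url, scanned in preview(bl_res=[r"/admin/"]).items():
        print("SCAN" if scanned else "SKIP", url)
```

Any Disallow path reported as SCAN is one the scanner would visit with the robots.txt option enabled, so add it to the blacklist if it must stay out of scope.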