Objective: Set the stage
You now have access to InsightAppSec and want to see how different aspects of your site contribute to the overall domain security. What now?
Let's start by setting up an app.
Add an app
An app is a section of your site that you want to scan for vulnerabilities and manage as one entity. An app can include multiple targets, and those targets apply across all scan configurations. Grouping targets into an app lets you tune scans consistently for every target in the group, collect results in one place, and track improvements over time. To scan a web application, you must create an app and add the application's targets to it.
Allowlist IP addresses
During an InsightAppSec scan, your web application may receive a high volume of incoming network traffic. Some firewalls may block attack traffic and prevent InsightAppSec from testing your application for vulnerabilities. In such cases, you must allowlist the IP addresses of the InsightAppSec cloud engines so that they can scan your web applications.
Add an App with the Add App Wizard
- From the left menu, go to Targets and verify that the domain you wish to scan is in the Target Domains list and enabled.
Scanning subdomains
If you wish to scan multiple subdomains of a website, such as mail.mysite.com and blog.mysite.com, use wildcards such as *.mysite.com.
- Open the Add App Wizard by clicking the Add App button on the Apps page.
- On the Details screen, provide a name and optionally a description for this app.
- On the Target URLs step, use the + button to add individual URLs.
- From the Users step, you can assign users to a particular app.
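Before entering URLs on the Target URLs step, it can help to confirm that each one falls under an entry in the Target Domains list, including wildcard entries such as *.mysite.com. The script below is an added example, not InsightAppSec code: the sample domains and URLs are constructed, and the wildcard semantics (any subdomain depth, bare apex not covered) are an assumption rather than documented product behavior.

```python
from urllib.parse import urlsplit

# Constructed sample data: entries as they might appear in the Target Domains
# list, and the URLs planned for the Target URLs step.
TARGET_DOMAINS = ["*.mysite.com", "shop.example.org"]
PLANNED_URLS = [
    "https://mail.mysite.com/login",
    "https://blog.mysite.com/",
    "https://mysite.com/",                 # bare apex
    "https://notmysite.com/",              # lookalike, different domain
    "https://shop.example.org:8443/cart",
    "mail.mysite.com/login",               # no scheme, so no parseable host
]


def host_matches(host, pattern):
    """Return True if host is covered by one target-domain entry."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        # Assumption: the wildcard covers subdomains at any depth, not the apex.
        suffix = pattern[1:]  # e.g. ".mysite.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def match_targets(urls, target_domains):
    """Map each URL to the first entry that covers it, or None if none does."""
    result = {}
    for url in urls:
        host = urlsplit(url).hostname  # None when the URL has no scheme/netloc
        result[url] = next(
            (p for p in target_domains if host and host_matches(host, p)), None
        )
    return result


def out_of_scope(urls, target_domains):
    """URLs whose host is not covered by any listed target domain."""
    return [u for u, p in match_targets(urls, target_domains).items() if p is None]


if __name__ == "__main__":
    for url in out_of_scope(PLANNED_URLS, TARGET_DOMAINS):
        print("not covered by any target domain:", url)
```

Matching on the dot-prefixed suffix is what keeps a lookalike such as notmysite.com from passing as a subdomain of mysite.com.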
Success! You created an app
Completing the wizard takes you to the Apps page, where you create a scan config to gain visibility into your application security.
What's Next?
Create a scan config to gain visibility into your application security