Fortify DAST Connector

Getting started with Fortify On-Demand DAST connector

Am I reading the correct user guide?

Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.

Click on 'How to connect' on the Connector's setup page to open the right guide for your setup and version, ensuring accuracy and relevance.


Overview

About Fortify DAST

Fortify DAST is a comprehensive dynamic application security testing (DAST) tool that is designed to identify vulnerabilities in deployed web applications and services. It can be integrated with Agile and Scrum testing cycles. Fortify DAST offers scalability by allowing developers to run scans on their own.

Why integrate Fortify DAST into the Vulcan platform?

The Fortify DAST Connector by Vulcan integrates with the Fortify Software Security Center platform to pull and ingest assets and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Fortify DAST Connector Details

Supported products

Category: Application Security - DAST

Ingested asset type(s): Websites

Integration type: Unidirectional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type: SaaS (latest)


Connector Setup

Prerequisites and user permissions

Generate API ID and Secret Keys

  1. Access your Fortify DAST account by logging in with your credentials. Ensure you have administrative access to proceed with the setup.

  2. Go to the Administration section > Settings > API.

  3. Click on Add Key to initiate the creation of a new API key.

  4. In the provided fields, enter a name for the application in the Application Name section. Choose a name that reflects its connection with Vulcan Cyber.

  5. Select the role of Start Scans from the list of available roles. This role enables the application to initiate scans via the API.

  6. Ensure you enable API authorization by checking the Authorize app to use API option.

  7. After filling out all necessary information, click Save to finalize the creation of the API key.

  8. Upon saving, copy the Secret Code presented to you. Make sure to store it in a secure location as it is critical for integration and won't be displayed again.

  9. Similarly, copy the API Key for the application. This key, along with the secret code, will be required for the integration with Vulcan Cyber.

Configuring the Fortify DAST Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Fortify DAST icon.

  4. Set up the Connector as follows:

    • Select the relevant Data Center (USA, EMEA, APAC, FedRAMP, or TRIAL).

    • Insert the Client API and Secret IDs you generated earlier (the API Key and Secret Code copied in the previous section).

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Fortify DAST instance, then click Create (or Save Changes).

  6. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  7. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  8. To confirm the sync is complete, navigate to the Connectors page. Once the Fortify DAST icon shows Connected, the sync is complete.


Fortify DAST in the Vulcan Platform

Viewing Fortify DAST vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector:

  1. Go to the Vulnerabilities page.

  2. Click on Filter and set the condition to Vulnerability > Connector is Fortify DAST.

Viewing Fortify DAST assets in the Vulcan Platform

To view assets by Connector:

  1. Go to the Assets page > Websites.

  2. Click on Filter and set the condition to Assets > Connector is Fortify DAST.

Taking Action on vulnerabilities and assets detected by Fortify DAST

To take remediation action on vulnerabilities and assets detected by Fortify DAST:

  1. Go to the Vulnerabilities or Assets page.

  2. Use the Filter to filter vulnerabilities by the Fortify DAST connector and display all synced vulnerabilities/assets along with their associated assets/vulnerabilities.

  3. Select the relevant vulnerabilities/assets from the results list.

  4. Click on Take Action to proceed with remediation or further actions.

Automating remediation actions on vulnerabilities detected by Fortify DAST

Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.
