Submitting dynamic scan requests to Fortify WebInspect Enterprise

If OpenText DAST is installed in your environment, and you are assigned to one of the following roles, you can request scans from Application Security:

  • Administrator
  • Security Lead
  • Manager
  • Developer

To create a scan request for an application version:

  1. From the Dashboard or Applications view, select the application version that you want to have scanned, and then select Artifacts.
  2. On the ARTIFACT HISTORY page, click DYNAMIC SCAN.

  3. Provide the information described in the following table.

    The following table does not list custom dynamic scan attributes that you or another Application Security Administrator might have added to the system.

    Dynamic scan attribute    Description
    URL                       (Required) URL of the site to scan
    Site Login                Username required to log on to the site to scan
    Site Passcode             Password to use to gain access to the site
    Network Login             Username required for network authentication
    Network Passcode          Password required for network authentication
    Related Host Name(s)      Allowable hosts for the application to scan
    Web Services Used         Comma-delimited list of web services used by the application to scan
    Technologies Used         Comma-delimited list of technologies used by the site to scan
    Compliance Implications   Information about any potential compliance implications
    Allowable Scan Times      Dates and times during which the tester can perform the scan
                              For example: From 17:00 h to 06:00 h, Monday through Friday, from 09/03/18 to 11/30/18
                              You can run the scan immediately instead of scheduling it to run later.
    WSDL                      Browse to and select your Web Services Description Language file (*.wsdl, *.webmacro, or *.xml)

    The dynamic tester who handles the scan request on OpenText DAST might have interest in additional application version attributes, such as business risk and compliance implications. The tester can use existing web services methods to retrieve those attributes for an application version.

  4. Click SUBMIT.

    Application Security displays a message to verify that the request submission was successful.

    Next, the OpenText DAST tester who monitors and responds to scan requests runs the scan during the hours you specified, and then uploads the results to Application Security.

  5. If you are an Application Security Administrator or Application Security Tester, you can run the requested dynamic scan immediately from Fortify WebInspect Enterprise.

See Also

Viewing OpenText DAST analysis results in Application Security

Processing dynamic scan requests from Fortify WebInspect Enterprise