Adding or Editing Scanning Credentials
Credentials must be provided for Continuous Dynamic to scan sites that require user authentication (where users must log in for access). As a Sentinel Administrator, you can add and edit these scanning credentials in the Continuous Dynamic Portal. We recommend that you provide two sets of scanning credentials for each site: a primary set and a secondary set to use as a backup.
Never provide the credentials of an existing user as a set of scanning credentials. |
This article explains how to add, edit, and disable scanning credentials from the Site Details page, under the Assets tab. You can enter scanning credentials for both regular site scans and Business Logic Assessments (BLAs).
Continuous Dynamic supports authenticated scanning of sites that implement multi-factor authentication (MFA). The supported MFA methods are: Time-based One-time Password (TOTP), Mobile SMS, and Email. For more information, see Multi-factor Authentication for Assessments. |
Adding Scanning Credentials
To add scanning credentials to a site, perform the following steps:
-
In the Portal, select Assets > Site Details.
-
Select the site to which you want to add scanning credentials.
-
On the Site Details page, select the Scan subtab.
-
Click Add Credentials.
-
In the Add Credentials dialog, enter a Credential Name for your reference.
-
Enter login information for the Primary scanning credentials. You need to provide the Username, Password, Login Entrance URL, and Destination URL.
-
Enter any additional Login Notes for the primary set of scanning credentials.
-
If the site uses Time-based One-time Password (TOTP) MFA, where users authenticate using a TOTP token generated in an authenticator app, perform the following steps:
-
Select the Enable Time-based One-time Password (TOTP) MFA checkbox.
-
Enter the Secret Key for your MFA provider account in the TOTP Secret Key field.
Continuous Dynamic supports any TOTP generator - for example, Google Authenticator or Duo Mobile - as long as you provide a Secret Key. The TOTP provider must use SHA-1 hashing and Base32-encoded Secret Keys. For more information, see Setting up Time-based One-time Password (TOTP) MFA. -
(Recommended) Enter login information for a second set of Backup scanning credentials. You can also enter Login Notes.
-
-
Click Save.
The primary and secondary scanning credentials (if provided) are now available for use by Continuous Dynamic.
Editing Scanning Credentials
To edit existing scanning credentials for a site, perform the following steps:
-
In the Portal, select Assets > Site Details.
-
On the Site Details page, select the Scan subtab.
-
Click the blue chevron to expand the credentials that you want to edit.
-
Click Edit and then update the desired Primary and Backup login information.
-
Click Save.
Adding, Editing, or Disabling Business Logic Assessment Credentials
For sites under the DAST Premium Edition (PE) service, you can manage scanning credentials used in Business Logic Assessments (BLAs) directly in the Portal.
If you are using a standalone BLA license for a site under the DAST Standard Edition (SE) service, you must contact Black Duck to add BLA scanning credentials.
Adding BLA Scanning Credentials
To add BLA scanning credentials, perform the following steps:
-
In the Portal, select Assets > Site Details.
-
On the Site Details page, select the Services subtab.
-
Click Add Credentials:
-
First, enter a name for the set of BLA credentials. This will be displayed on the Services subtab.
-
Enter login information for the Primary BLA scanning credentials. You need to provide the Username, Password, Login Entrance URL, and Destination URL.
-
Enter any additional Login Notes for this set of BLA credentials.
-
If the site uses Time-based One-time Password (TOTP) MFA, where users authenticate using a TOTP token generated in an authenticator app, perform the following steps:
-
Select the Enable Time-based One-time Password (TOTP) MFA checkbox.
-
Enter the Secret Key for your MFA provider account in the TOTP Secret Key field.
Continuous Dynamic supports any TOTP generator - for example, Google Authenticator or Duo Mobile - as long as you provide a Secret Key. The TOTP provider must use SHA-1 encryption and Base32-encoded Secret Keys. For more information, see Setting up Time-based One-time Password (TOTP) MFA.
-
-
(Recommended) Enter login information for a second set of Backup BLA scanning credentials. You can also enter Login Notes.
-
Click Save to save the BLA credentials.
Using the provided BLA credentials, Threat Research Center (TRC) engineers can now perform a BLA for the selected site.
Editing BLA Scanning Credentials
To edit BLA scanning credentials, perform the following steps:
-
In the Portal, select Assets > Site Details.
-
On the Site Details page, select the Services subtab.
-
Click the down arrow to expand the BLA credentials that you want to edit.
-
Click Edit and then update the login information you want to change.
-
Click Save.
Disabling BLA Credentials
-
To disable a set of BLA credentials, select them from the list, and then click Disable Credentials.
-
Select Confirm to disable the selected credentials.
The disabled credentials are longer used for BLAs. To ensure your BLA can be completed appropriately, replace the credentials you disabled.
Setting Up Email Notification for BLA Status Changes
You can enable email notifications for certain BLA status changes in your Profile.