Adding or Editing Scanning Credentials

Credentials must be provided for WhiteHat Dynamic to scan sites that require user authentication (where users must log in for access). As a Sentinel Administrator, you can add and edit these scanning credentials in the WhiteHat Portal. We recommend that you provide two sets of scanning credentials for each site: a primary set and a secondary set to use as a backup.

Never provide the credentials of an existing user as a set of scanning credentials.

This article explains how to add, edit, and disable scanning credentials from the Site Details page, under the Assets tab. You can enter scanning credentials for both regular site scans and Business Logic Assessments (BLAs).

WhiteHat Dynamic supports authenticated scanning of sites that implement multi-factor authentication (MFA). The supported MFA methods are: Time-based One-time Password (TOTP), Mobile SMS, and Email. For more information, see Multi-factor Authentication for Assessments.

Adding Scanning Credentials

To add scanning credentials to a site, perform the following steps:

  1. In the WhiteHat Portal, select Assets > Site Details.

  2. Select the site to which you want to add scanning credentials.

  3. On the Site Details page, select the Scan subtab.

    [Screenshot: Assets Scan screen]

  4. Click Add Credentials.

  5. In the Add Credentials dialog, enter a Credential Name for your reference.

    [Screenshot: Add Credentials dialog with the MFA checkbox]

  6. Enter login information for the Primary scanning credentials. You need to provide the Username, Password, Login Entrance URL, and Destination URL.

  7. Enter any additional Login Notes for the primary set of scanning credentials.

  8. If the site uses Time-based One-time Password (TOTP) MFA, where users authenticate using a TOTP token generated in an authenticator app, perform the following steps:

    1. Select the Enable Time-based One-time Password (TOTP) MFA checkbox.

    2. Enter the Secret Key for your MFA provider account in the TOTP Secret Key field.

      WhiteHat Dynamic supports any TOTP generator - for example, Google Authenticator or Duo Mobile - as long as you provide a Secret Key. The TOTP provider must use SHA-1 hashing and Base32-encoded Secret Keys. For more information, see Setting up Time-based One-time Password (TOTP) MFA.

  9. (Recommended) Enter login information for a second set of Backup scanning credentials. You can also enter Login Notes.

  10. Click Save.

The primary and secondary scanning credentials (if provided) are now available for use by WhiteHat Dynamic.

Editing Scanning Credentials

To edit existing scanning credentials for a site, perform the following steps:

  1. In the WhiteHat Portal, select Assets > Site Details.

  2. On the Site Details page, select the Scan subtab.

  3. Click the blue chevron to expand the credentials that you want to edit.

    [Screenshot: Edit scan credentials]

  4. Click Edit and then update the desired Primary and Backup login information.

  5. Click Save.

Adding, Editing, or Disabling Business Logic Assessment Credentials

For sites under the WhiteHat DAST Premium Edition (PE) service, you can manage scanning credentials used in Business Logic Assessments (BLAs) directly in the WhiteHat Portal.

If you are using a standalone BLA license for a site under the WhiteHat DAST Standard Edition (SE) service, you must contact Synopsys to add BLA scanning credentials.

Adding BLA Scanning Credentials

To add BLA scanning credentials, perform the following steps:

  1. In the WhiteHat Portal, select Assets > Site Details.

  2. On the Site Details page, select the Services subtab.

  3. Click Add Credentials:

    [Screenshot: BLA Add Credentials]

  4. First, enter a name for the set of BLA credentials. This will be displayed on the Services subtab.

    [Screenshot: BLA credential information]

  5. Enter login information for the Primary BLA scanning credentials. You need to provide the Username, Password, Login Entrance URL, and Destination URL.

  6. Enter any additional Login Notes for this set of BLA credentials.

  7. If the site uses Time-based One-time Password (TOTP) MFA, where users authenticate using a TOTP token generated in an authenticator app, perform the following steps:

    1. Select the Enable Time-based One-time Password (TOTP) MFA checkbox.

    2. Enter the Secret Key for your MFA provider account in the TOTP Secret Key field.

      WhiteHat Dynamic supports any TOTP generator - for example, Google Authenticator or Duo Mobile - as long as you provide a Secret Key. The TOTP provider must use SHA-1 hashing and Base32-encoded Secret Keys. For more information, see Setting up Time-based One-time Password (TOTP) MFA.
  8. (Recommended) Enter login information for a second set of Backup BLA scanning credentials. You can also enter Login Notes.

  9. Click Save to save the BLA credentials.

Using the provided BLA credentials, Threat Research Center (TRC) engineers can now perform a BLA for the selected site.
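Both the regular scan credentials and the BLA credentials above require a TOTP provider that uses SHA-1 with a Base32-encoded Secret Key. The following Python is an added example, not code from the WhiteHat Portal or this article: it computes RFC 6238 codes from a Base32 secret exactly as an authenticator app does, so an administrator can confirm that the Secret Key they are about to save produces the same code the app shows (and that it decodes at all) before relying on it for scans. The secret shown is the RFC 6238 test-vector secret, a constructed value standing in for a real key.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed example value: the RFC 6238 test secret "12345678901234567890"
# in Base32. Replace with the Secret Key shown by your MFA provider.
EXAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_base32_secret(secret: str) -> bytes:
    """Decode a Base32 Secret Key the way an authenticator app does.

    Strips whitespace and hyphens, upper-cases, and restores the '='
    padding that many providers omit. Raises ValueError on characters
    outside the Base32 alphabet, which catches a mistyped key early.
    """
    cleaned = "".join(secret.split()).replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp_sha1(secret_b32: str, unix_time: int, digits: int = 6,
              step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    key = decode_base32_secret(secret_b32)
    counter = unix_time // step                  # 30-second time step
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                   # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def check_secret(secret_b32: str, code_from_app: str,
                 now: Optional[int] = None, skew_steps: int = 1) -> bool:
    """True if the app's current code matches this secret within +/- skew_steps."""
    now = int(time.time()) if now is None else now
    for delta in range(-skew_steps, skew_steps + 1):
        expected = totp_sha1(secret_b32, now + delta * 30)
        if hmac.compare_digest(expected, code_from_app):
            return True
    return False


if __name__ == "__main__":
    # Compare this value with the code your authenticator app shows right now.
    print(totp_sha1(EXAMPLE_SECRET_B32, int(time.time())))
```

If the printed code does not match the app, the key was mistyped, is not Base32, or the provider is not using SHA-1, and the Portal scans will fail to authenticate.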

Editing BLA Scanning Credentials

To edit BLA scanning credentials, perform the following steps:

  1. In the WhiteHat Portal, select Assets > Site Details.

  2. On the Site Details page, select the Services subtab.

  3. Click the down arrow to expand the BLA credentials that you want to edit.

    [Screenshot: Edit BLA credentials]

  4. Click Edit and then update the login information you want to change.

  5. Click Save.

Disabling BLA Credentials

  1. To disable a set of BLA credentials, select them from the list, and then click Disable Credentials.

    [Screenshot: Disable BLA credentials]

  2. Select Confirm to disable the selected credentials.

    [Screenshot: Confirm disabling BLA credentials]

The disabled credentials are no longer used for BLAs. To ensure your BLA can be completed appropriately, replace the credentials you disabled.

Setting Up Email Notification for BLA Status Changes

You can enable email notifications for certain BLA status changes in your Profile.