Adding or Editing Scanning Credentials

Credentials must be provided for WhiteHat Dynamic to scan sites that require user authentication (where users must log in for access). As a Sentinel Administrator, you can add and edit these scanning credentials in the WhiteHat Portal. We recommend that you provide two sets of scanning credentials for each site: a primary set and a secondary set to use as a backup.

Never provide the credentials of an existing user as a set of scanning credentials.

This article explains how to add, edit, and disable scanning credentials from the Site Details page, under the Assets tab. You can enter scanning credentials for both regular site scans and Business Logic Assessments (BLAs).

For information about using SMS-based two-factor authentication for assessments, see SMS-Based Two-Factor Authentication.

Adding Scanning Credentials

To add scanning credentials to a site, perform the following steps:

  1. In the WhiteHat Portal, select Assets > Site Details.

  2. On the Site Details page, select the Scan subtab.

  3. Click Add Credentials.

  4. In the Add Credentials dialog, enter a Credential Name for your reference.

  5. Enter login information for the Primary scanning credentials. You need to provide the Username, Password, Login Entrance URL, and Destination URL.

  6. Enter any additional Login Notes for the primary set of scanning credentials.

  7. If the site uses Multi-Factor Authentication (MFA), where users authenticate using a time-based one-time password (TOTP) generated in an authenticator app, perform the following steps:

    1. Select the Enable Time-based One-time Password (TOTP) MFA checkbox.

    2. Enter the secret key for your MFA provider account in the TOTP Secret Key field.

      WhiteHat Dynamic supports any TOTP generator - for example, Google Authenticator or Duo Mobile - as long as you provide a secret key. The TOTP provider must use the SHA1 algorithm and Base32-encoded secret keys.
    3. (Recommended) Enter login information for a second set of Backup scanning credentials. You can also enter Login Notes.

  8. Click Save.

The primary and secondary scanning credentials (if provided) are now available for use by WhiteHat Dynamic.

Editing Scanning Credentials

To edit existing scanning credentials for a site, perform the following steps:

  1. In the WhiteHat Portal, select Assets > Site Details.

  2. On the Site Details page, select the Scan subtab.

  3. Click the down arrow to expand the credentials that you want to edit.

  4. Click Edit and then update the desired Primary and Backup login information.

  5. Click Save.

Adding, Editing, or Disabling Business Logic Assessment Credentials

For sites under the WhiteHat DAST Premium Edition (PE) service, you can manage scanning credentials used in Business Logic Assessments (BLAs) directly in the WhiteHat Portal.

If you are using a standalone BLA license for a site under the WhiteHat DAST Standard Edition (SE) service, you must contact Synopsys to add BLA scanning credentials.

Adding BLA Scanning Credentials

To add BLA scanning credentials, perform the following steps:

  1. In the WhiteHat Portal, select Assets > Site Details.

  2. On the Site Details page, select the Services subtab.

  3. Click Add Credentials.

  4. First, enter a name for the set of BLA credentials. This will be displayed on the Services subtab.

  5. Enter login information for the Primary BLA scanning credentials. You need to provide the Username, Password, Login Entrance URL, and Destination URL.

  6. Enter any additional Login Notes for this set of BLA credentials.

    1. Select the Enable Time-based One-time Password (TOTP) MFA checkbox.

    2. Enter the secret key for your MFA provider account in the TOTP Secret Key field.

      WhiteHat Dynamic supports any TOTP generator - for example, Google Authenticator or Duo Mobile - as long as you provide a secret key. The TOTP provider must use the SHA1 algorithm and Base32-encoded secret keys.
  7. (Recommended) Enter login information for a second set of Backup BLA scanning credentials. You can also enter Login Notes.

  8. Click Save to save the BLA credentials.

Using the provided BLA credentials, Threat Research Center (TRC) engineers can now perform a BLA for the selected site.
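
The SHA1 and Base32 requirement stated in both the scan and BLA credential procedures can be checked before a secret is entered in the TOTP Secret Key field. The following is an added example, not WhiteHat or Synopsys code; the function names, the sample secret (the RFC 6238 test key), and the assumption that your MFA provider exposes the enrolment as an otpauth:// URI are illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse


def decode_secret(secret):
    """Return the raw key bytes, or raise ValueError if the secret is not Base32."""
    # Authenticator apps often show the secret in groups and without '=' padding.
    cleaned = secret.replace(" ", "").replace("-", "").upper().rstrip("=")
    if not cleaned:
        raise ValueError("secret is empty")
    padded = cleaned + "=" * (-len(cleaned) % 8)
    return base64.b32decode(padded)  # binascii.Error is a ValueError subclass


def totp_sha1(secret, at=None, step=30, digits=6):
    """RFC 6238 TOTP using HMAC-SHA1 and the RFC 4226 dynamic truncation."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(decode_secret(secret), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def enrolment_problems(uri):
    """List reasons an otpauth:// enrolment URI fails the SHA1 + Base32 requirement."""
    parsed = urlparse(uri)
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    problems = []
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        problems.append("not an otpauth://totp URI")
    algorithm = params.get("algorithm", "SHA1").upper()  # the URI format defaults to SHA1
    if algorithm != "SHA1":
        problems.append("algorithm is %s, not SHA1" % algorithm)
    try:
        decode_secret(params.get("secret", ""))
    except ValueError as exc:
        problems.append("secret is not valid Base32: %s" % exc)
    return problems


# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    # Compare this value with the code currently shown in the authenticator app.
    print(totp_sha1(SAMPLE_SECRET))
```

If the printed code matches the authenticator app for the scanning account, the secret is Base32 and the provider is using SHA1; a hex-encoded secret or a SHA256 enrolment is rejected or produces a mismatch.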

Editing BLA Scanning Credentials

To edit BLA scanning credentials, perform the following steps:

  1. In the WhiteHat Portal, select Assets > Site Details.

  2. On the Site Details page, select the Services subtab.

  3. Click the down arrow to expand the BLA credentials that you want to edit.

  4. Click Edit and then update the login information you want to change.

  5. Click Save.

Disabling BLA Credentials

  1. To disable a set of BLA credentials, select them from the list, and then click Disable Credentials.

  2. Select Confirm to disable the selected credentials.

The disabled credentials are no longer used for BLAs. To ensure your BLA can be completed appropriately, replace the credentials you disabled.

Setting Up Email Notification for BLA Status Changes

You can enable email notifications for certain BLA status changes in your Profile.