Site Services Tab

The Site Services tab (found on the Site Details page for the site in question) allows you to manage your Business Logic Assessments for that site. Within the license period of your Business Logic Assessment (BLA) license, you can:

  • Schedule a Business Logic Assessment (BLA) if an unused BLA license is available.

  • View the status of a scheduled BLA, if any.

  • Indicate resolution of any issue that has been blocking a BLA.

  • Edit a future scheduled BLA date, if any.

  • Cancel a scheduled BLA.

  • View the information on the last completed BLA, if any.

  • Add, edit, or delete BLA credentials (for sites covered under PE only).

BLA Status

You can view the current status of your scheduled BLAs on the Site Services tab:

[Screenshot: BLA status on the Site Services tab]
You must schedule your BLA during the license period.
If the BLA license period expires without a BLA being scheduled, the business logic assessment will no longer be available.

Each BLA listed will display its status:

  • Scheduled: This BLA has been scheduled for the date shown.

  • In Progress: This BLA is now in progress.

  • On Hold: There is an issue preventing this BLA from beginning, and it has been placed on hold pending resolution of that issue. You must resolve that issue before the BLA can be rescheduled and completed.

    A BLA in On Hold status will show an explanation of the issue.

    NOTE: Please do not select "Click here once the issue is resolved". This functionality will be removed in a future release. To confirm the resolution of an On Hold BLA, refer to the Salesforce case that is referenced in the note in the UI.

  • Reschedule Failed: On rare occasions, it may not be possible to reschedule the BLA automatically. If this happens, either because no date within the license period is available or for any other reason, please contact Synopsys for resolution. Note that if your license period expires before you schedule or reschedule your BLA, that BLA will no longer be available.

Scheduling a Business Logic Assessment

If you have a license for a Business Logic Assessment (BLA) available, you will see the Schedule BLA button.

  1. Click Schedule BLA to begin the scheduling process. To add a license or enquire regarding a license that is not displayed, please contact your Customer Service representative or reach out to Customer Service at support@whitehatsec.com. Note that a BLA can only be scheduled during the associated license period.

    A reminder popup is displayed if you attempt to schedule a BLA but have not yet entered any BLA credentials.
  2. You can enter credentials at this point, or you can choose to schedule your BLA without credentials; however, we strongly recommend that you provide credentials to be used in the BLA. If no credentials are provided, the BLA will be performed only on the unauthenticated portions of your site. To ensure both authenticated and unauthenticated portions of your site undergo Business Logic Analysis, be sure to provide valid credentials.

For information on entering credentials, please see Adding Business Logic Assessment Credentials below.

Do not edit BLA credentials while a BLA is in progress.
Doing so will result in inconsistencies in your BLA.

The Schedule BLA Wizard will walk you through the process of scheduling your BLA.

License Used

The license type that will be used for the BLA you are scheduling will be described at the top of the BLA Scheduling popup. If you have a PE BLA license, that license will be used first; if you will be using an add-on license, that information will be noted here. For example:

[Screenshot: license used for the BLA]

Week Scheduled for BLA

  1. Use the calendar below the license type to schedule the BLA. Use the < and > controls to navigate month by month, and then select the week you would like to schedule. You can only schedule for the current week at the beginning of the week in question, and only if Business Logic Analysts are available.

    [Screenshot: Schedule BLA calendar]
  2. Unavailable weeks are shown in gray (see January 17th - 23rd). Weeks outside of your license period will also be shown in gray.

  3. Available weeks are shown in blue. The selected week will show a blue highlight as seen for the week of January 24th - 30th above.

  4. Select Schedule to confirm the dates chosen for your BLA.

In order to provide an excellent level of service for our customer base, Synopsys' manual testing team can conduct a maximum number of Business Logic Assessments each week. Although Synopsys has one of the largest manual testing teams in the world, this capability is still a finite resource and can be subject to high demand, especially at quarter and year ends. Your Customer Support or Program Manager will work with you to identify urgent needs and help determine a scheduling plan for assessments.

Attachments

To upload attachments for the Threat Research Center Business Logic Analysts, perform the following steps.

  1. In the Attachments section, click Upload File.

  2. Use your File Browser to navigate to and select the file you want to upload.

    Accepted attachment file types are: .jpg, .jpeg, .gif, .png, .tif, .tiff, .bmp, .txt, .doc, .docx, .xls, .xlsx, .csv, .ppt, .pptx, .mp3, .wav, .avi, .mpg, .mpeg, .mp4, .wmv, .flv, .mov, .cer, .crt, .der, .pem.
  3. Check that your selected file has been uploaded successfully in the Attachments box.

  4. Optionally, you can remove an uploaded attachment by selecting the trash icon.

  5. In addition to, or instead of, uploading a file, you can add notes to communicate with the BLA team. You can modify the note until the BLA status becomes Scheduled. At that point, the note cannot be changed.

  6. Click Schedule.

'No Credentials Needed' Confirmation Checkbox

  1. If you choose to have a BLA performed without BLA credentials, select the No credentials needed to test checkbox under the Notes section. If no BLA credentials are available, this box is checked by default and can only be unchecked if BLA credentials are available.

  2. When you have selected the week for the BLA to be performed, uploaded any relevant files for the Business Logic Analysts, and ensured that credentials are available or checked the No credentials needed confirmation checkbox, click on the Schedule button to schedule your BLA.

  3. Once you have added your primary credentials, you will see a confirmation banner at the top of the page. If you need to make changes, you can edit your credentials on the Services page.


Cancelling a Scheduled BLA

If you need to cancel a Business Logic Assessment, you can do so as long as the assessment is not already in progress. Under the Assets tab, select the Services sub-tab. Click on the Edit link next to the scheduled BLA. A confirmation text box displays, asking for a reason for cancellation.

Reviewing the Completed Business Logic Assessment

Once a Business Logic Assessment has completed, the summary information for that BLA displays on the Services tab.

[Screenshot: BLA summary on the Services tab, with numbered fields]
  1. Confirmation banner: Once the primary credentials are added and the BLA is successfully scheduled, these confirmation banners will appear on the Services page.

  2. ID number: When a BLA has been successfully scheduled, a unique identifying number will be displayed.

  3. Scan Status: This will display the current status of your BLA and the dates the scan is due to commence.

  4. Last completed BLA: This will display the most recent date of the last completed BLA. This will include the date the BLA was completed and a link allowing you to view the verified vulnerabilities identified in the BLA or to generate a report of those vulnerabilities.

    In addition, you can view all vulnerabilities associated with a specific BLA or with all BLAs performed for this asset on the Asset Details page or on the Findings page.

  5. Credential Details: This drop-down section for the added credentials displays the details of the primary and backup credentials.

Filtering For Your BLA Findings

When you click View BLA Verified Vulnerabilities under Last Completed BLA, the Findings page displays with a pre-set filter to show you only vulnerabilities that were verified during this specific BLA. You can edit this filter to see vulnerabilities that are associated with additional Business Logic Assessment(s) by ID.

To filter the table:

  1. Click the Filter button.

[Screenshot: BLA findings filter options, with numbered fields]
  2. Frequently Used Filter Options: These are the most frequently used filters, including:

    • Vulnerability ID

    • Vulnerability rating

    • Vulnerability status

    • Opened date range etc.

    You can select as many or as few filters as you require to filter your list of findings.

  3. Miscellaneous: These are further filter options available to refine your vulnerability findings, including:

    • Vulnerability Tags

    • Verification Status

    • Attack Vector ID

    • Client

    • Retest Status etc.

  4. Business Logic Assessment ID: Enter your BLA ID number here. BLA ID numbers for scheduled BLAs can be seen on the Services sub-tab of the site details page.

  5. Filter: Now select the Filter icon to filter all listed vulnerabilities by the filters you selected in the previous three steps.

  6. Reset: Click this to clear all selected filters.

Failure to reset the filter means that the filtered results will display the next time that you access the Findings tab. The filter remains in place even after logging out of the WhiteHat Portal and logging back in again. So if you have finished with the filter, use Reset.

Adding, Editing, or Disabling Business Logic Assessment Credentials

Adding Credentials

For sites covered under the WhiteHat Dynamic Premium (PE) service, you can manage your BLA credentials directly in the WhiteHat Portal.

  1. Click Add Credentials to add site credentials. If you are using a stand-alone BLA license for a site that is covered under the WhiteHat Dynamic Standard (SE) service, please contact Synopsys with your credential information.

  2. To create BLA credentials, you must first enter a Credential Name. This displays on the Services tab.

  3. Provide Primary login information, which includes:

    • Username

    • Password

    • Login Entrance URL

    • Destination URL

  4. Add any additional Login Notes required for this set of credentials.

  5. We strongly recommend including a Backup login as well.

  6. When you have populated all information fields, click Save to save this set of credentials.

For information about using SMS-based two-factor authentication for assessments, see SMS-Based Two-Factor Authentication.

Editing BLA Credentials

To edit BLA credentials, perform the following steps:

  1. Click the down arrow next to the credentials you want to edit.

  2. Click Edit to enable editing.

  3. Click Save to keep the changes made.


Disabling BLA Credentials

  1. Select the set of credentials to disable, and then click Disable Credentials.

  2. In the Credentials Are Not Needed dialog, select the Confirm icon to remove the selected credentials.


Disabled credentials will no longer be used for Business Logic Assessments. Please replace any credentials being disabled to ensure that your BLA can be completed appropriately.

Setting Up Email Notification for BLA Status Changes

If you would like to receive email notifications for particular BLA status changes, you can set that in your Profile.
