Site Services Tab

The Site Services tab (found on the Site Details page for the site in question) allows you to manage your Business Logic Assessments for that site. Within the license period of your Business Logic Assessment (BLA) license, you can:

  • Schedule a Business Logic Assessment (BLA) if an unused BLA license is available.

  • View the status of a scheduled BLA, if any.

  • Edit a future scheduled BLA date, if any.

  • Cancel a scheduled BLA.

  • View the information on the last completed BLA, if any.

  • Add, edit, or delete BLA credentials (for sites covered under PE only).

BLA Status

You can view the current status of your scheduled BLAs on the Site Services tab:

bla services main 1
You must schedule your BLA during the license period.
If the BLA license period expires without a BLA being scheduled, the business logic assessment will no longer be available.

The status of each BLA is displayed:

Status Description

Scheduled

This BLA has been scheduled for the date shown.

In Progress

This BLA is now in progress.

On Hold

An issue is preventing the BLA from starting; the BLA has been placed on hold pending resolution of that issue. You must resolve the issue before the BLA can be rescheduled and completed as planned.

A BLA in On Hold status will show an explanation of the issue.

To confirm the resolution of an On Hold BLA, refer to the associated Salesforce case. This case is referenced in the UI and in the Business Logic Assessment on hold notice email that was sent to you.

Reschedule Failed

On rare occasions, it may not be possible to reschedule the BLA automatically. If this happens, either because no date within the license period is available or for any other reason, please contact Synopsys for resolution. Note that if your license period expires before you schedule or reschedule your BLA, that BLA will no longer be available.

Scheduling a Business Logic Assessment

If you have a license for a Business Logic Assessment (BLA) available, the Schedule BLA button is active.

  1. Click Schedule BLA to begin the scheduling process. To add a license or enquire regarding a license that is not displayed, please contact your Customer Service representative or reach out to Customer Service at support@whitehatsec.com. Note that a BLA can only be scheduled during the associated license period.

    bla schedule bla button
    A reminder popup is displayed if you attempt to schedule a BLA but have not yet entered any BLA credentials.
  2. You can enter credentials at this point or choose to schedule your BLA without credentials; however, we strongly recommend that you provide credentials to be used in the BLA. If no credentials are provided, the BLA will be performed on only the unauthenticated portions of your site. To ensure the whole of your site undergoes Business Logic Analysis, be sure to provide valid credentials.

For information on entering credentials, see Adding Business Logic Assessment Credentials below.

Do not edit BLA credentials while a BLA is in progress.
Doing so will result in inconsistencies in your BLA.

The Schedule BLA Wizard will walk you through the process of scheduling your BLA.

License Used

The license type that will be used for the BLA you are scheduling will be described at the top of the BLA Scheduling popup. If you have a PE BLA license, that license will be used first; if you will be using an add-on license, that information will be noted here. For example:

bla license used

Week Scheduled for BLA

  1. Use the calendar below the license type to schedule the BLA. Enter < and > to navigate month-by-month and then select the week you would like to schedule. You can only schedule for the current week at the beginning of the week in question, and only if Business Logic Analysts are available.

    schedule bla calendar 1
  2. Unavailable weeks are shown in gray (See January 17th - 23rd). Weeks outside of your license period will also be shown in gray.

  3. Available weeks are shown in blue. The selected week will show a blue highlight as seen for the week of January 24th - 30th above.

  4. Select Schedule to confirm the dates chosen for your BLA.

You will receive email confirmation when your BLA has started. If you need to provide additional information, see Providing Information for your BLA.

In order to provide an excellent level of service for our customer base, Synopsys' manual testing team can conduct a maximum number of Business Logic Assessments each week. Although Synopsys has one of the largest manual testing teams in the world, this capability is still a finite resource and can be subject to high demand, especially at quarter and year ends. Your Customer Support or Program Manager will work with you to identify urgent needs and help determine a scheduling plan for assessments.

'No Credentials Needed' Confirmation Checkbox

  1. If you decide to have a BLA performed without BLA credentials, select the No credentials needed to test checkbox to the right of the calendar. If no BLA credentials are available, this box is checked by default and can only be unchecked if BLA credentials are available.

    bla no credentials needed new
  2. When you have selected the week for the BLA to be performed, and ensured that credentials are available or checked the No credentials needed checkbox, click Schedule to schedule your BLA.

  3. Once you have added your primary credentials, you will see a confirmation banner at the top of the page. If you need to make changes, you can edit your credentials on the Services page.

    bla credential added successfully

Providing Information for your BLA

If you want to provide extra information, instructions, or attachments related to your BLA, open a case in the Synopsys Software Integrity Community. You should provide any extra information before the scheduled start date of your BLA.

Canceling a Scheduled BLA

If you need to cancel a Business Logic Assessment, you can do so as long as the assessment is not already in progress. Under the Assets tab, select the Services sub-tab. Click the Edit link next to the scheduled BLA. A confirmation text box displays, asking for a reason for cancellation.

Reviewing the Completed Business Logic Assessment

Once a Business Logic Assessment has completed, the summary information for that BLA displays on the Services tab.

bla successfully scheduled
Field No. Field Name Description

1

Confirmation banner

Once the primary credentials are added and the BLA is scheduled, these confirmation banners will appear on the Services page.

2

ID number

When a BLA has been successfully scheduled a unique identifying number will be displayed.

3

Scan Status

This will display the current status of your BLA and the dates the scan is due to commence.

4

Last completed BLA

This will display most recent date of the last completed BLA. This will include the date the BLA was completed and a link allowing you to view the verified vulnerabilities identified in the BLA or to generate a report of those vulnerabilities.

In addition, you can view all vulnerabilities associated with a specific BLA or with all BLAs performed for this asset on the Asset Details page or on the Findings page.

5

Credential Details

This drop down section for the added credentials displays the details of the primary and backup credentials.

Filtering For Your BLA Findings

When you click View BLA Verified Vulnerabilities under Last Completed BLA, the Findings page displays with a pre-set filter to show you only vulnerabilities that were verified during this specific BLA. You can edit this filter to see vulnerabilities that are associated with additional Business Logic Assessment(s) by ID.

To filter the table:

  1. Click the Filter button.

bla findings filter options
Field No. Field Name Description

2

Frequently Used Filter Options

These are the most frequently used filters including:

  • Vulnerability ID

  • Vulnerability rating

  • Vulnerability status

  • Opened date range etc.

You can select as many, or as few filters as you require to filter your list of findings.

3

Miscellaneous

These are further filter options available to refine your vulnerability findings, including:

  • Vulnerability Tags

  • Verification Status

  • Attack Vector ID

  • Client

  • Retest Status etc.

4

Business Logic Assessment ID

Enter your BLA ID number here, BLA ID numbers for scheduled BLAs can be seen on the Services subtab of the site details page.

5

Filter

Select the Filter icon to filter all listed vulnerabilities by your filters selected in the previous three steps.

6

Reset

Click this to clear all selected filters.

Failure to reset the filter means that the filtered results will display the next time that you access the Findings tab. The filter remains in place even after logging out of the WhiteHat Portal and logging back in again. So if you have finished with the filter, use Reset.

Adding, Editing, or Disabling Business Logic Assessment Credentials

Adding Credentials

For sites covered under the WhiteHat Dynamic Premium (PE) service, you can manage your BLA credentials directly in the Portal.

  1. Click Add Credentials to add site credentials. If you are using a stand-alone BLA license for a site that is covered under the WhiteHat Dynamic Standard (SE) service, please contact Synopsys with your credential information.

    bla add credentials
  2. To create BLA credentials, you must first enter a Credential Name. This displays on the Services tab.

    bla adding credential info
  3. Provide Primary login information, which includes:

    • Username

    • Password

    • Login Entrance URL

    • Destination URL

  4. Add any additional Login Notes required for this set of credentials.

  5. If the site uses Multi-Factor Authentication (MFA), where users authenticate using a time-based one-time password (TOTP) generated in an authenticator app, perform the following steps:

    1. Select the Enable Time-based One-time Password (TOTP) MFA checkbox.

    2. Enter the secret key for your MFA provider account in the TOTP Secret Key field.

      WhiteHat Dynamic supports any TOTP generator - for example, Google Authenticator or Duo Mobile - as long as you provide a secret key. The TOTP provider must use SHA-1 hashing and Base32-encoded secret keys.
  6. We strongly recommend including a Backup login as well.

  7. When you have populated all information fields, click Save to save this set of credentials.

For information about using SMS-based two-factor authentication for assessments, see SMS-Based Two-Factor Authentication.

Editing BLA Credentials

To edit BLA credentials, perform the following steps:

  1. Click the down arrow next to the credentials you want to edit.

    edit BLA credentials
  2. Click Edit to enable editing.

  3. Click Save to keep the changes made.

Disabling BLA Credentials

  1. Select the set of credentials to disable, and then click Disable Credentials.

    bla disable credentials 1
  2. In the Credentials Are Not Needed dialog, select the Confirm icon to remove the selected credentials.

    bla credentials disable confirm

Disabled credentials will no longer be used for Business Logic Assessments. Please replace any credentials being disabled to ensure that your BLA can be completed appropriately.

Setting Up Email Notification for BLA Status Changes

If you would like to receive email notifications for particular BLA status changes, you can set that in your Profile.

Video Tutorial - DAST Services Tab