Site URL Coverage Tab

To access and use the URL Coverage tab, perform the following steps:

  1. From the main WhiteHat Portal menu, select Assets. This displays the Asset Management page. (Not annotated)

    bla url coverage main

  2. Select a Site from the asset list Asset Management page.

  3. From the tabs displayed, select URL Coverage.

  4. Click URLs Scanned to view all scanned URLs.

  5. This table displays each of the URLs scanned for the selected site in each completed assessment. You will also see the Status and the Total number of items.

  6. Optionally, click the Export CSV to export the information from the scanned URL list to a CSV file.

  7. Use the Filter icon to filter the listed components by various criteria. This displays the following panel:

    bla url coverage filter
Field No. Field Name Description

7a

Filter by URL

You can enter your specific URL here to search and view the current scan status.

7b

Status

Here you can define which of your URLs that you would like to view, based on their scan status. The four options are as follows:

  • All

  • Tested

  • Off Domain

  • Error

7c

Assessment

Here you can filter the URL results by the Assessment date, or you can choose your current Assessment.

8

Filter

Now select the Filter icon to filter all listed URLs by your filters selected in the previous steps.

9

Reset

This is to clear all applied filters.

Scan Rules

To access and use the URL Coverage tab, perform the following steps:

  1. From the main WhiteHat Portal menu, select Assets. This displays the Asset Management page.

    url coverage scan rules 1

  2. Select a Site from the asset list Asset Management page.

  3. From the tabs displayed, select URL Coverage.

  4. Click Scan Rules to view the set scan rules for the URLs.

Only Admin users can add, modify, or delete Scan Rules or User Added URL(s).

Editing Scan Rules

To edit or set new scan rules, perform the following steps:

  1. From the main WhiteHat Portal menu, select Assets. This displays the Asset Management page.

    url coverage edit scan rules

  2. Select a Site from the asset list Asset Management page.

  3. From the tabs displayed, select URL Coverage.

  4. Click Scan Rules to view the set scan rules for the URLs.

  5. Select the Edit icon.

  6. Select the add branch icon beside the Include All text to add a new IF statement.

    Before saving changes to the scan rules, users will be warned of the impact of the change in terms of vulnerabilities being affected. Once confirmed by the user the scan rule changes will be saved and applied. If there are any vulnerabilities whose URLs are impacted by the scan rules, then those will be marked as Out of Scope for blacklisted URLs. For more information on scan rules, see Scheduling a Scan.

  7. After you have edited your scan rules, select the Save icon at the bottom of the table to keep any changes that have been made.

  8. Optionally, you can test your rules by clicking Test Rules. This displays the following pop-up:

    test scan rules 2

    1. Type your new URLs in the text box provided. Multiple URLs can be added at once with a new line of separation between them.

    2. After you have typed your new URLs, select Test Coverage to test your scan rules.

User Added URL(s)

If you have admin privileges, you can add new URLs by performing the following steps:

  1. From the main WhiteHat Portal menu, select Assets. This displays the Asset Management page.

    user added urls 1

  2. Select a Site from the asset list Asset Management page.

  3. From the tabs displayed, select URL Coverage.

  4. Click User Added URL(s) to view the URLs that have been already added to your asset.

  5. Select the Add URL(s) icon.

    add urls prompt

    1. Type your new URL in the text box provided. Multiple URLs can be added at once with a new line of separation between them.

    2. After you have typed your new URLs, select Next to add them to your asset.

  6. Optionally, click the Export CSV to export the information from the URL list to a CSV file.

  7. Users with admin privileges can also delete existing manually added URLs either one at a time by clicking the trash/bin icon next to the URL, or in bulk by selecting all the URLs to be deleted and clicking Delete.

    Before deleting the URL(s), users will be warned that there might be an impact on the vulnerabilities associated with the URL(s) and those will be marked as Out of Scope.

Any changes will take full effect in the next scan. However, if a scan is in progress when edits are made to the rules, the rest of the scan will follow the new rules.

Video Tutorial - DAST URL Coverage Tab