Using the WhiteHat Sentinel Xcode Plugin

The Xcode plugin allows developers to work with Sentinel directly from Xcode. Once you have installed the WhiteHat Sentinel Xcode Plugin as described under Installation, perform the following steps to use the WhiteHat Sentinel Xcode Extension:

  1. Open Xcode from your applications and select WhiteHat Sentinel Xcode Extension.

    xcode using plugin 1

  2. Log in by typing your Sentinel User Name and Password or type a valid API Key in the text fields.

    A valid API key must be entered before the plugin can be used. To find out how to generate an API key on Sentinel see Generating an API key.

    xcode using plugin 2

  3. Confirm that the correct server is listed:

    • sentinel.whitehatsec.com for non EU customers

    • sentinel.whitehatsec.eu for EU customers

Reviewing Your Vulnerabilities

  1. Select the application you want to review from the drop-down list.

    xcode using plugin 3

  2. You can search for vulnerabilities by:

    1. Vuln ID

    2. Vuln Status

    3. Rating

    4. From Date

    5. To Date

  3. Select your filter parameters and click on the filter icon to display the list of vulnerabilities.

  4. Click on the X icon to clear all set filter parameters.

  5. Double-click on a specific Vuln ID in the list to move to the Debug Vulnerabilities tab and see trace IDs and the associated code snippets for that vulnerability.

    xcode using plugin 4

  6. Click on the down-arrow next to the Vuln ID to display the Attack Vector IDs.

    xcode using plugin 6

  7. Click on the down-arrow next to the Attack Vector ID to see the Attack Vector Types and Source Code Locations.

  8. Click on a specific Attack Vector Type to see the associated code snippet.

  9. Double-click on the Attack Vector Type to bring up that code in your environment.

    If the source code package has not yet been loaded into the IDE, you may specify a source folder. Alternatively, if you do not specify a source folder, you will be asked to navigate to the file path using a Browse File pop-up.

Description

In addition to the code snippet, the WhiteHat Plugin displays a general description and solution for the vulnerability, allowing you to ask WhiteHat Security Engineers a question and see their response. Select the tab to see the information. The Description tab offers a description of the vulnerability class in question, as displayed in the example below.

xcode using plugin 7

Solution

The Solution tab offers an approach to resolving the vulnerability class in question, as displayed in the example below.

xcode using plugin 8

Q&A

  1. In addition, the Q&A tab offers the opportunity to ask questions about this vulnerability and receive answers directly from WhiteHat Security Threat Research Engineers.

    xcode using plugin 9

  2. If questions or answers already exist for this vulnerability, you will see them in the list on the Q&A tab. You can filter by text string if desired.

  3. Click on Ask a Question to display dialog box that will allow you to submit a question about this vulnerability and receive answers directly from WhiteHat Security Threat Research Engineers, as shown below.

  4. Type your question in the text field.

    xcode using plugin 10

  5. Click Submit.