Site Services Tab

The Site Services tab (found on the Site Details page for the site in question) allows you to manage your Business Logic Assessments for that site. Within the license period of your Business Logic Assessment (BLA) license, you can:

  • Schedule a Business Logic Assessment (BLA) if an unused BLA license is available

  • View the status of a scheduled BLA, if any

  • Indicate resolution of any issue that has been blocking a BLA

  • Edit a future scheduled BLA date, if any

  • Cancel a scheduled BLA

  • View the information on the last completed BLA, if any

  • Add, edit, or delete BLA credentials (for sites covered under PE only)

BLA Status

You must schedule your BLA during the license period.
If the BLA license period expires without a BLA being scheduled, the business logic assessment will no longer be available.

Each BLA listed here will display its status:

| Field No. | Field Name | Description |
|---|---|---|
| 1 | Scheduled | This BLA has been scheduled for the date shown. |
| 2 | In Progress | This BLA is now in progress. |
| 3 | On Hold | There is an issue preventing this BLA from beginning, and it has been placed on hold pending resolution of that issue. You must resolve that issue before the BLA can be rescheduled and completed. A BLA in this status will show an explanation of the issue. Once the issue is resolved, click on "Click here once the issue is resolved" to confirm the resolution. Once that is done, the BLA will run as normal on the original scheduled date, so long as that date is in the future. |
| 4 | Reschedule Failed | On rare occasions, it may not be possible to reschedule the BLA automatically. If this happens, either because no date within the license period is available or for any other reason, please contact WhiteHat for resolution. Note that if your license period expires before you reschedule your BLA, that BLA will no longer appear here. |

Scheduling a Business Logic Assessment

If you have a license for a Business Logic Assessment (BLA) available, you will see the Schedule BLA button.

  1. Click on Schedule BLA to begin the scheduling process. (To add a license or to inquire regarding a license that is not showing here, please contact your Customer Service representative or reach out to Customer Service at support@whitehatsec.com.) Note that a BLA can only be scheduled during the associated license period.

    If you attempt to schedule a BLA but you have not yet entered any BLA credentials, you will see a pop-up reminding you that you have not entered any credentials to be used with a BLA.
  2. You can enter credentials at this point, or you can choose to schedule your BLA without credentials; however, we strongly recommend that you provide credentials to be used in the BLA. If no credentials are provided, the BLA will be performed only on the unauthenticated portions of your site. To ensure both authenticated and unauthenticated portions of your site undergo Business Logic Analysis, please be sure that you provide valid credentials.

For information on entering credentials, please see Adding Business Logic Assessment Credentials below.

Please do not edit BLA credentials while a BLA is in progress.
Doing so will result in inconsistencies in your BLA.

The Schedule BLA Wizard will walk you through the process of scheduling your BLA.

License Used

The license type that will be used for the BLA you are scheduling will be described at the top of the BLA Scheduling popup. If you have a PE BLA license, that license will be used first; if you will be using an add-on license, that information will be noted here.

Week Scheduled for BLA

  1. Immediately below the license type you will see a calendar. Use the "<" and ">" keys to navigate month by month; click to select the week you would like to schedule. Note that you may only schedule for the current week at the beginning of the week in question, and only if Business Logic Analysts are available.

  2. Unavailable weeks will be shown in gray (see January 17th - 23rd). Weeks outside of your license period will also be shown in gray.

  3. Available weeks will be shown in blue. The selected week will show a blue highlight as seen for the week of January 24th - 30th above.

  4. Select Schedule to confirm the dates chosen for your BLA.

  5. In order to provide an excellent level of service for our customer base, WhiteHat’s manual testing team can conduct a maximum number of Business Logic Assessments each week. Although WhiteHat has one of the largest manual testing teams in the world, this capability is still a finite resource and can be subject to high demand, especially at quarter and year ends. Your Customer Support or Program Manager will work with you to identify urgent needs and help determine a scheduling plan for assessments.

Attachments

To upload attachments for the Threat Research Center Business Logic Analysts, perform the following steps.

  1. In the section titled Attachments click on Upload File.

  2. Use your File Browser to navigate to the file you would like to upload and click on Open.

    Accepted attachment file types are: .jpg, .jpeg, .gif, .png, .tif, .tiff, .bmp, .txt, .doc, .docx, .xls, .xlsx, .csv, .ppt, .pptx, .mp3, .wav, .avi, .mpg, .mpeg, .mp4, .wmv, .flv, .mov, .cer, .crt, .der, .pem.
  3. Check that your selected file has been uploaded successfully in the attachments box.

  4. Optionally, you can remove any uploaded attachment by selecting the trash/bin icon.

  5. In addition to uploading a file, or instead of doing so, you can now add notes to communicate with the BLA team. You can modify the note until the BLA status becomes Scheduled. At that point, the note cannot be changed.

  6. Select the Schedule button.

'No Credentials Needed' Confirmation Checkbox

  1. If you choose to have a BLA performed without BLA credentials, you may use the No credentials needed to test confirmation checkbox, located immediately below the Notes section. If no BLA credentials are available, this box is checked by default and can only be unchecked if BLA credentials are available.

  2. When you have selected the week for the BLA to be performed, uploaded any relevant files for the Business Logic Analysts, and ensured that credentials are available or checked the No credentials needed confirmation checkbox, click on the Schedule button to schedule your BLA.

  3. Once you have added your primary credentials, you will see a confirmation banner at the top of the page. If you need to make changes, you can edit your credentials on the Services page.


Cancelling a Scheduled BLA

If you need to cancel a Business Logic Assessment, you can do so as long as the assessment is not already in progress. Under the Assets tab, select the Services sub-tab. Click on the Edit link next to the scheduled BLA. A confirmation text box displays, asking for a reason for cancellation.

Reviewing the Completed Business Logic Assessment

Once a Business Logic Assessment has completed, the summary information for that BLA displays on the Services tab.

| Field No. | Field Name | Description |
|---|---|---|
| 1 | Confirmation banner | Once the primary credentials are added and the BLA successfully scheduled, these confirmation banners will appear on the Services page. |
| 2 | ID number | When a BLA has been successfully scheduled, a unique identifying number will be displayed. |
| 3 | Scan Status | This will display the current status of your BLA and the dates the scan is due to commence. |
| 4 | Last completed BLA | This will display the most recent date of the last completed BLA. This will include the date the BLA was completed and a link allowing you to view the verified vulnerabilities identified in the BLA or to generate a report of those vulnerabilities. In addition, you can view all vulnerabilities associated with a specific BLA or with all BLAs performed for this asset on the Asset Details page or on the Findings page. |
| 5 | Credential Details | This drop-down section for the added credentials displays the details of the primary and backup credentials. |

Filtering For Your BLA Findings

When you click on View BLA Verified Vulnerabilities under Last Completed BLA, the Findings page displays with a pre-set filter to show you only vulnerabilities that were verified during this specific BLA. You can edit this filter to see vulnerabilities that are associated with additional Business Logic Assessment(s) by ID.

Filter the table by performing the following tasks:

  1. Click on the Filter button.

| Field No. | Field Name | Description |
|---|---|---|
| 2 | Frequently Used Filter Options | These are the most frequently used filters, including Vulnerability ID, Vulnerability rating, Vulnerability status, Opened date range, etc. You can select as many or as few filters as you require to filter your list of findings. |
| 3 | Miscellaneous | These are further filter options available to refine your vulnerability findings, including Vulnerability Tags, Verification Status, Attack Vector ID, Client, Retest Status, etc. |
| 4 | Business Logic Assessment ID | Enter your BLA ID number here. BLA ID numbers for scheduled BLAs can be seen on the Services sub-tab of the Site Details page. |
| 5 | Filter | Now select the Filter icon to filter all listed vulnerabilities by the filters you selected in the previous three steps. |
| 6 | Reset | Click this to clear all selected filters. |

Failure to reset the filter means that the filtered results will display the next time that you access the Findings tab. The filter remains in place even after logging out of Sentinel and logging back in again. So if you have finished with the filter, use Reset.

Adding, Editing, or Disabling Business Logic Assessment Credentials

Adding Credentials

For sites covered under the Sentinel Premium (PE) service, you can manage your BLA credentials directly in Sentinel.

  1. Click on Add Credential to add site credentials. If you are using a stand-alone BLA license for a site that is covered under the Sentinel Standard (SE) service, please contact WhiteHat Security with your credential information.

  2. To create BLA credentials, you must first type a name for the credential. This displays on the Services tab.

  3. Provide Primary login information, which includes:

    • Username

    • Password

    • Login (Entrance) URL

    • Destination URL

  4. Add any additional notes required for this set of credentials.

  5. We strongly recommend including a Backup login as well.

  6. When you have populated all information fields, click Save to save this set of credentials.

For information about using SMS-based two-factor authentication for assessments, see SMS-Based Two-Factor Authentication.

Editing BLA Credentials

  1. To edit existing credentials, click the arrow next to the credentials that you want to edit. The Edit link displays.

  2. Click the Edit link to enable editing.

Disabling BLA Credentials

  1. To disable a given set of credentials, select that set and click on Disable Credentials.

  2. Select the Confirm icon to remove the selected credential.


Disabled credentials will no longer be used for Business Logic Assessments. Please replace any credentials being disabled to ensure that your BLA can be completed appropriately.

Setting Up Email Notification for BLA Status Changes

If you would like to receive email notification for particular BLA status changes, you can set that in your Profile.
