FortiDAST App Config
FortiDAST App Config plugin allows you to configure the target asset for DAST scanning in FortiDevSec GUI. Once the target asset URL validated you can perform additional configuration in FortiDAST portal.
To configure FortiDAST scanning for a new application, see Adding a New Application.
To add/edit FortiDAST configuration for an existing apllication:
-
In the FortiDevSec dashboard, click the desired application.
-
In the scanned application details page, click FortiDAST App Config plugin icon. See Viewing the Scan Result.
-
Toggle the FortiDAST App config, if not already enabled. If FortiDAST plugin is already enabled, update the required fields and click OK.
-
Enter the target asset URL and port number.
-
Click Validate DAST.
-
Once the URL is validated, click DAST Config Link to perform additional configuration in FortiDAST portal. See Configuring FortiDAST Scanner.
-
Once you complete the configuration in FortiDAST portal, return to the FortiDevSec tab and click OK.
-
To download the updated yaml configuration file, click Scanner Config.
Note: To perform DAST scan, uncomment the dast configuration in fdevsec.yaml file even when FortiDAST asset/URL is configured through GUI plugin. -
Perform the scan. See Running the Security Scan.
Notes:
-
You can disable or modify the URL at any point after app creation from the scanned application details page. The configured URL will be updated accordingly, but the last scan results will be displayed until the next scan.
-
If the URL is not configured or disabled in the GUI, the URL mentioned in the YAML file or sent through the command line will be used for the scan.
-
If you have already configured a URL in the FortiDevSec GUI and enabled it, but configured a different URL using the YAML config or command line, the scanner will give you an error message because the two URLs do not match. To fix this, you must either update the URL in the YAML config or command line to match the one in the GUI, or disable the URL scan option in the GUI.