A target application is a web application or an API that should be tested for vulnerabilities using FAST.
A requests source is a tool that will test the target application using HTTP and HTTPS requests. FAST can create the security test set based on these requests (see “baseline requests”).
A security test set is used to reveal vulnerabilities in the target application. Each security test comprises one or more test requests.
The test requests are HTTP and HTTPS requests to be sent to the target application. The constructed requests are highly likely to trigger a vulnerability.
Such requests are created by FAST on the basis of baseline requests that satisfy the test policy.
The FAST node is one of the FAST components.
The node proxies HTTP and HTTPS requests and creates security tests based on the baseline requests.
In addition to this, the FAST node executes the security tests. In other words, the node sends test requests to the target application, checks the application's responses, and determines whether the application has any security vulnerabilities.
The Wallarm Cloud is one of the FAST components. The cloud provides the user with an interface for creating test policies, managing the test execution process and observing the testing results.
The baseline requests are HTTP and HTTPS requests that are directed from the requests source to the target application. FAST creates the security tests on the basis of these requests.
Non-baseline requests that are proxied through the FAST node are not used as a source during the test set creation process.
A test run describes a single iteration of the vulnerability testing process using FAST.
A test run passes a test policy to a FAST node. The policy defines which baseline requests will serve as a basis for the security tests.
Each test run is tightly coupled with a single FAST node by the token.
A test policy is a set of rules, according to which the process of vulnerability detection is conducted. In particular, you can select the vulnerability types which the application should be tested for. In addition to that, the policy determines which parameters in the baseline request are eligible to be modified while creating a security test set. These pieces of data are utilized by FAST to create test requests that are used to find out if the target application is exploitable.
A request element is a part of a baseline request. Some examples of elements:
- HTTP header,
- HTTP response body,
- GET parameters,
- POST parameters.
A point is a string that points to the element of the baseline request. This string comprises a sequence of the names of parsers and filters that should be applied to the baseline request in order to obtain the required data. The points are described in more detail here.
A token is the unique secret identifier that serves the following purposes:
- Binding a test run with the FAST node.
- Creating and managing a test run.
The token is one of the essential properties of a FAST node.