FAST provides users with a domain-specific language (DSL) for describing extensions. Now you can create custom extensions to detect vulnerabilities in your application without having any specific programming skills. The mechanism of extensions allows you to apply additional custom logic for processing baseline requests and searching vulnerabilities in the target application.
FAST extensions allow for generating security tests that are constructed either by modifying the selected parameters in a baseline request or by using a predefined payload. The generated security tests are then sent to the target application. The application's response to these tests is used to reach a conclusion about the presence or absence of vulnerabilities in the target application (FAST extensions also define the method of detecting vulnerabilities).
The extensions are described using YAML. We assume that you are familiar with YAML syntax and YAML file structure. To see detailed information, proceed to this link.
The logic of the extensions may include elements described with regular expressions. FAST expressions only support Ruby language regular expression syntax. It is assumed that you are familiar with the Ruby regular expression syntax. To see detailed information, proceed to this link.
FAST interacts with one of the available Wallarm clouds.
All information from the documentation is equally applicable to all the clouds, unless stated otherwise.
For the sake of simplicity, it is assumed throughout the documentation that FAST interacts with the American Wallarm cloud. If you need to interact with another cloud, use the corresponding addresses of the Wallarm portal and the API server.
When creating a FAST extension, you need to understand the structure of the HTTP request sent to the application and that of the HTTP response received from the application in order to correctly describe the request elements that you need to work with using the points.
To see detailed information, proceed to this link.