To integrate FAST into a CI/CD workflow, you will need:
- Access to the Wallarm portal and a Wallarm account. Create the account if you do not have one.
- The permissions to create and run Docker containers for your CI/CD workflow. The FAST node's Docker container should have access to the us1.api.wallarm.com Wallarm API servers via the HTTPS protocol.
- A web application or API to test for vulnerabilities (a target application in the Wallarm terminology). It is mandatory for the application to use the HTTP or HTTPS protocol for communication. The target application should remain available until the security testing with FAST finishes.
- A tool that will test the target application using HTTP and HTTPS requests (a request source in the Wallarm terminology). A request source should be able to work with an HTTP or HTTPS proxy server. Selenium is an example of a test tool that satisfies the mentioned requirements.
It is necessary to deploy a containerized FAST node using Docker in order to test the target application for vulnerabilities.
The FAST node performs the following actions:
- Proxying HTTP and HTTPS requests from the request source to the target application.
- Creating a security test set based on the incoming requests (baseline requests in the Wallarm terminology) for the target application. The test set is comprised of
- Executing the test requests to detect some vulnerabilities in the target application.
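
The following is an added example, not taken from the Wallarm documentation. It shows what "able to work with an HTTP proxy" means for a request source on the wire, and how to confirm that requests really pass through the proxy before relying on them as baseline requests. `Target` and `Proxy` are local stand-ins constructed for the example; `Proxy` only records and forwards requests and is not a FAST node.

```python
import http.client
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

recorded = []  # request targets seen by the stand-in proxy

class Quiet(BaseHTTPRequestHandler):
    def reply(self, body):
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep CI output clean
        pass

class Target(Quiet):  # constructed stand-in for the target application
    def do_GET(self):
        self.reply(b"target ok")

class Proxy(Quiet):  # stand-in for the proxying role only, not a FAST node
    def do_GET(self):
        recorded.append(self.path)  # proxied requests carry the absolute URL
        direct = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        with direct.open(self.path, timeout=5) as upstream:
            self.reply(upstream.read())

def serve(handler):
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def check_request_source():
    """Send one request via the proxy; return (body, recorded URLs, sent URL)."""
    recorded.clear()
    target, proxy = serve(Target), serve(Proxy)
    try:
        url = "http://127.0.0.1:%d/login?user=test" % target.server_port
        # Request source: connect to the proxy, ask for the absolute URL.
        conn = http.client.HTTPConnection("127.0.0.1", proxy.server_port, timeout=5)
        conn.request("GET", url)
        body = conn.getresponse().read()
        conn.close()
        return body, list(recorded), url
    finally:
        for server in (target, proxy):
            server.shutdown()
            server.server_close()
```

If the recorded list comes back empty while the body is still correct, the request source reached the target directly and bypassed the proxy, so a proxy in that position would see no traffic to build tests from.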
This guide describes integrating FAST to test an HTTP-based target application.
However, the FAST node can also test applications that work over HTTPS. The HTTPS-related topics are discussed in the “Quick Start Guide”.
The next chapter describes the entities which FAST uses to test an application for vulnerabilities.