Integration Prerequisites

Requirements for the FAST Integration into CI/CD

To integrate FAST into a CI/CD workflow, you will need:

  • Access to the Wallarm portal and a Wallarm account.

    Create the account if you do not have one.

  • Permissions to create and run Docker containers in your CI/CD workflow.

    The FAST node's Docker container should have access to the Wallarm API servers at us1.api.wallarm.com over HTTPS (TCP/443).

  • A web application or API to test for vulnerabilities (a target application in the Wallarm terminology).

    The application must use the HTTP or HTTPS protocol for communication.

    The target application should remain available until the security testing with FAST finishes.

  • A tool that will test the target application using HTTP and HTTPS requests (a request source in the Wallarm terminology).

    A request source should be able to work with an HTTP or HTTPS proxy server.

    Selenium is an example of a test tool that satisfies the mentioned requirements.

Working with the Docker Container with the FAST Node

To test the target application for vulnerabilities, you must deploy a containerized FAST node using Docker.

The FAST node performs the following actions:

  1. Proxying HTTP and HTTPS requests from the request source to the target application.
  2. Creating a security test set based on the incoming requests (baseline requests in the Wallarm terminology) for the target application. The test set consists of test requests.
  3. Executing the test requests to detect some vulnerabilities in the target application.

Relations of FAST with the request source and the target application
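
Because the FAST node sits between the request source and the target application as a proxy, it is worth confirming in advance that your request source really sends its traffic through a configured proxy. The following is an added example, not part of the Wallarm documentation: it checks a Python `urllib`-based request source against a local stand-in listener rather than a real FAST node. The listener, the `app.test.invalid` target and all function names are assumptions made for illustration.

```python
import http.server
import threading
import urllib.error
import urllib.request


class StandInProxy(http.server.BaseHTTPRequestHandler):
    """Local stand-in for the proxying node (assumption, not FAST itself)."""

    seen = []  # (method, request-target, Host header) of each proxied request

    def do_GET(self):
        # A proxy-aware client puts the absolute URL in the request line.
        StandInProxy.seen.append((self.command, self.path, self.headers.get("Host")))
        body = b"recorded by stand-in proxy\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep CI logs quiet


def probe_request_source(target_url):
    """Send one baseline-style request via the stand-in proxy; return what it saw."""
    StandInProxy.seen = []
    server = http.server.HTTPServer(("127.0.0.1", 0), StandInProxy)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    proxy = "http://127.0.0.1:%d" % server.server_port
    # Request source under test: a urllib client told to use an HTTP proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy}))
    try:
        with opener.open(target_url, timeout=5) as resp:
            resp.read()
    except urllib.error.URLError:
        pass  # request bypassed or never reached the proxy: nothing recorded
    finally:
        server.shutdown()
        server.server_close()
    return list(StandInProxy.seen)


if __name__ == "__main__":
    # Constructed target; .invalid never resolves, so a bypass cannot succeed.
    url = "http://app.test.invalid/login?user=demo"
    seen = probe_request_source(url)
    print("proxied" if seen == [("GET", url, "app.test.invalid")] else "NOT proxied", seen)
```

An empty result means the request source ignored the proxy setting, in which case a proxying node would never see the baseline requests.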

HTTPS support

This guide describes the integration of FAST for testing an HTTP-based target application.

However, the FAST node can also test applications that work over HTTPS. The HTTPS-related topics are discussed in the “Quick Start Guide”.

The next chapter describes the entities which FAST uses to test an application for vulnerabilities.
