Now, once your project has been created, there are few things left. Firstly, you need to onboard a target before you start.
- Target - is the aim of your testing. It might be anything, whether Web Apps, APIs (REST & SOAP, GraphQL & more).
- Onboarding - is a process of preparing targets for a testing, looking for Entrypoints. Onboarding is held once, and it will be relevant as long as your target is the same.
Bright provides the following methods of finding Entrypoints:
Bright can crawl your web application to define the attack surface. This option does not require any details that might get you tangled. To run a security scan using a crawler, you simply need to specify the target URL in the URL field. Learn more about a Crawler.
An HTTP Archive File (.HAR file) is a recorded session of user interaction with an application. The .HAR file keeps all the HTTP requests and responses between the web client and web application.
You can use a pre-recorded .HAR file when running a security scan. Using the data contained in the .HAR file, Bright defines the attack surface and ensures complete coverage of the scan scope. Learn more about .HAR-files in Bright.
Bright supports the following versions of the API schemas: Swagger 2+, OpenAPI 3+, Postman 2+. You don't need to have an ideal API-schema, you can upload the one that you have. All you need to do is to fix it once. Learn more about API Schemas.
You can manually add a single Entrypoint using an in-app tool, and then fix it in case if it has connectivity problems. Learn more about how to add fix Entrypoints.
To prepare your target in a better way, see the relevant articles:
- Authentication - Bright's authentication capabilities enable testing of login-protected resources in your application or API. By configuring the authentication method(s) and valid credentials, complete scan coverage is achieved for security testing. Learn more about Authentication types.
- Discovery - is a process of finding entrypoints. This should be made once, since a target is not changed. Learn more about how to create a new Discovery.
- Entrypoint - is an object, which contains detailed information about target. Learn more about how to use and manage Entrypoints.
Updated 3 months ago