A Fortify ScanCentral DAST scan of public sites can be achieved by connecting directly over the internet.
A Fortify ScanCentral DAST scan of customer private sites can be achieved by using one of the following options:
- AWS Site-to-Site VPN
- Whitelist the Fortify Hosted scan sensor source IP address(es) (provided by Ops)
- Fortify Connect (FC) - a Secure Shell Protocol (SSH) tunnel, without exposing the target application through your firewall. The most commonly expected deployment/scan scenario is Remote Mode, as described below:
- Scenario 1: DAST/WebInspect Sensor Running in the Fortify Hosted environment (Remote Mode)
- The diagram included below depicts a DAST/WebInspect Sensor Running in the cloud-based Fortify Hosted environment (aka Remote Mode). This assumes you have internal applications which need to be scanned, but the internal applications are not accessible from outside your internal network.
The Fortify Connect Client is a pre-configured executable that runs behind your firewall, establishes an SSH tunnel through the firewall, and connects to the Fortify Connect Server running in the cloud. The pre-configured FC Client executable will be available for download via the “ScanCentral DAST > Fortify Connect” configuration tab after you configure FC in your Fortify Hosted (FH) environment.
- Working with Fortify Connect for Private Application Scanning
- System requirements for Fortify Connect Client
  - Note: the Fortify Connect Client is only officially supported on Linux
- Configuring and Using Fortify Connect
  - Note: only from step 2 to step 7