Onboarding requires a complete document, IPs/URLs for testing, 3rd party permissions, edgescan™ IPs whitelisted, and asset groupings. Additional needs include valid web application credentials and API documentation.
Version Number: v1.0.1
Published Date: 13 Mar 2024
____________________________________________________________________________
Before starting the onboarding process, several requirements need to be met:
- Submission of a complete and accurate onboarding document.
- Providing all IPs/URLs for testing purposes.
- Obtaining any necessary permissions from third-party hosting providers. It is the responsibility of the client to identify and obtain these permissions.
- Whitelisting the edgescan™ source IPs to prevent any blocking by firewalls or IPS/IDS during scanning.
- Clearly defining asset groupings where applicable, with some limitations in place for scanning and validation efficiency.
- Additional requirements may vary depending on the type of asset being onboarded.
Authenticated Web Application
Valid credentials for the web application. It is advisable to provide multiple accounts for Advanced license assets to enhance permissions and access control testing during penetration tests.
API
Current API documentation (e.g., WSDL, Swagger documentation) that includes all endpoints within the testing scope. Valid credentials, if applicable.
Internal Assets
Presence on the network is required for testing internal systems. Separate requirements for internal assets can be found in the specific guidelines.