Skip to main content

Register Web Applications

info

The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.

info

The features covered in this tutorial are only available to organizations that have signed up for the Web application security assessment feature.

This document describes how to register a web application with Shisho Cloud and configure an automated security diagnosis.

There are three ways to register a web application with Shisho Cloud:

Register from Attack Surface List

Open the Attack Surface List to see a list of hosts automatically detected from resources integrated with Shisho Cloud.

info

All hostnames displayed in the Attack Surface List are detected by referring to the configuration of resources integrated with Shisho Cloud. It is possible that not all hostnames will be detected immediately after the external integration is complete.

Attack Surface List

Click the "Register" button on the right side to open the sidebar for registering a web application.

When creating a web application from the Attack Surface list screen, the hostnames associated with the selected attack surface are specified as the scope. You can change this at this point if necessary. You can also edit it after registering the web application.

Web Application Registration Screen

Fill in the "Application Name" (required) and "Description" (optional) fields, then click "Register" in the lower right corner of the screen to register the web application.

Register from Security Graph

If a resource that is an attack surface is included in the Security Graph, you can register a web application directly from the Security Graph.

As a straightforward example, open the Security Graph page of the resource on which the web application you want to register is running.

Security Graph Page

The nodes drawn in red on the Security Graph have detected attack surfaces. Left-click on a red node to display detailed information about the node on the left side, which contains a section called Attack Surface. Click on "Register Application" at the bottom right of the section to display a modal for registering the web application.

Web Application Registration Modal

You can also register a web application from the menu that appears when you right-click on a red node.

Context Menu

Register Manually

First, open the Web Application List and click the "Register Application" button in the upper right corner.

In the "Scope" field of the Add Application screen, specify the URL to be diagnosed.

Add Application Screen

After filling in the required information, click the "Register" button to register the web application.

Next, proceed to the Collect Target Endpoints procedure.