Exclusion
The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.
The features described in this tutorial are available only to organizations that have subscribed to our web application security assessment.
This page describes how to exclude specific endpoints or scenarios from security assessments.
Automatically Exclude Duplicate Endpoints
- Make sure to register your endpoints beforehand, then go to the "Endpoints" tab (https://cloud.shisho.dev/[orgid]/applications/[appid]/endpoints).
- Click the "Change scan targets" button at the top of the screen and select "Automatically remove from scan."
- In the window that opens, click the "Detect Duplicates" button. This will show the detection results of endpoints that are considered similar.
- If you click "Remove from scan targets," the endpoints judged to be similar will be excluded from the scan target all at once, except for the "Aggregated endpoint."
In other words, if you click "Remove from scan targets" for the detection result in the figure above, the following endpoints will be excluded from the scan target:
GET:https://app.example/items/2
GET:https://app.example/items/3
GET:https://app.example/items/2/review
GET:https://app.example/items/3/review
However, the following endpoints will still be scanned:
GET:https://app.example/items/1
GET:https://app.example/items/1/review
Therefore, in the endpoint list, 4 endpoints will be marked as excluded from the scan, as shown below.
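To sanity-check which endpoints a duplicate removal would drop before confirming it in the UI, the following added example (not Shisho Cloud's own code) reproduces the grouping above. The page does not describe how similarity is judged, so the rule used here (same method and URL after masking all-digit path segments, with the first member kept as the aggregated endpoint) is an assumption, and `similarity_key` and `plan_exclusions` are hypothetical names.

```python
from urllib.parse import urlsplit

# Constructed sample: the six endpoints from the example on this page.
ENDPOINTS = [
    "GET:https://app.example/items/1",
    "GET:https://app.example/items/2",
    "GET:https://app.example/items/3",
    "GET:https://app.example/items/1/review",
    "GET:https://app.example/items/2/review",
    "GET:https://app.example/items/3/review",
]


def similarity_key(endpoint):
    """Assumed heuristic: mask all-digit path segments, keep everything else."""
    method, url = endpoint.split(":", 1)
    parts = urlsplit(url)
    masked = "/".join(
        "{id}" if seg.isdigit() else seg for seg in parts.path.split("/")
    )
    return (method.upper(), parts.scheme, parts.netloc, masked, parts.query)


def plan_exclusions(endpoints):
    """Return (kept, excluded): the first endpoint of each group stays in scope."""
    groups = {}  # dicts preserve insertion order, so registration order is kept
    for ep in endpoints:
        groups.setdefault(similarity_key(ep), []).append(ep)
    kept = [members[0] for members in groups.values()]
    excluded = [ep for members in groups.values() for ep in members[1:]]
    return kept, excluded


if __name__ == "__main__":
    kept, excluded = plan_exclusions(ENDPOINTS)
    print("Still scanned:")
    for ep in kept:
        print("  " + ep)
    print("Excluded from scan (%d):" % len(excluded))
    for ep in excluded:
        print("  " + ep)
```

Comparing this list against the detection results shown in the UI is a quick way to confirm that no endpoint with distinct behavior is being dropped from the assessment scope.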
Manually Exclude Endpoints and Scenarios
Exclude Specific Endpoints
- Make sure to register your endpoints beforehand, then go to the "Endpoints" tab (https://cloud.shisho.dev/[orgid]/applications/[appid]/endpoints).
- Select the checkboxes of all endpoints you want to exclude from the security assessment.
- Click the "Change scan targets" menu at the top right of the screen, and select "Remove from scan targets" from the displayed items.
- After the selection, the checkmark icon will disappear from the entry of the specified endpoint, indicating that the exclusion was successful.
To include the endpoint in the security assessment again, select the endpoint in the same way and select "Add to scan targets."
Exclude Specific Scenarios
- Make sure to register your scenarios beforehand, then go to the "Scenarios" tab (https://cloud.shisho.dev/[orgid]/applications/[appid]/scenarios).
- Select the checkboxes of all scenarios you want to exclude from the security assessment.
- Click the "Change scan targets" menu at the top right of the screen, and select "Remove from scan targets" from the displayed items.
- After selection, if the checkmark icon disappears from the entry of the specified scenario, the exclusion is successful.
To include the scenario in the security assessment again, select the scenario in the same way and select "Add to scan targets."