
Exclusion

info

The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.

info

The features described in this tutorial are available only to organizations that have subscribed to our web application security assessment.

This page describes how to exclude specific endpoints or scenarios from security assessments.

Automatically Exclude Duplicate Endpoints

  1. Make sure to register your endpoints beforehand, then go to the "Endpoints" tab (https://cloud.shisho.dev/[orgid]/applications/[appid]/endpoints).

  2. Click the "Change scan targets" button at the top of the screen and select "Automatically remove from scan."

  3. In the window that opens, click the "Detect Duplicates" button. The detection results list the endpoints that are considered similar.

  4. If you click "Remove from scan targets," the endpoints judged to be similar will be excluded from the scan target all at once, except for the "Aggregated endpoint."

    In other words, if you click "Remove from scan targets" for the detection result in the figure above, the following endpoints will be excluded from the scan target:

    • GET:https://app.example/items/2
    • GET:https://app.example/items/3
    • GET:https://app.example/items/2/review
    • GET:https://app.example/items/3/review

    However, the following endpoints will still be scanned:

    • GET:https://app.example/items/1
    • GET:https://app.example/items/1/review

    Therefore, in the endpoint list, 4 endpoints will be marked as excluded from the scan, as shown below.

Manually Exclude Endpoints and Scenarios

Exclude Specific Endpoints

  1. Make sure to register your endpoints beforehand, then go to the "Endpoints" tab (https://cloud.shisho.dev/[orgid]/applications/[appid]/endpoints).

    Endpoints tab

  2. Select the checkboxes of all endpoints you want to exclude from the security assessment.

    Check the endpoints

  3. Click the "Change scan targets" menu at the top right of the screen, and select "Remove from scan targets" from the displayed items.

    Remove from scan targets

  4. After you make the selection, the checkmark icon disappears from the entry of each specified endpoint, which indicates that the exclusion was successful.

    Excluded endpoints

    To include the endpoint in the security assessment again, select the endpoint in the same way and select "Add to scan targets."

Exclude Specific Scenarios

  1. Make sure to register your scenarios beforehand, then go to the "Scenarios" tab (https://cloud.shisho.dev/[orgid]/applications/[appid]/scenarios).

    Scenarios tab

  2. Select the checkboxes of all scenarios you want to exclude from the security assessment.

    Check the scenarios

  3. Click the "Change scan targets" menu at the top right of the screen, and select "Remove from scan targets" from the displayed items.

    Remove from scan targets

  4. After you make the selection, the checkmark icon disappears from the entry of each specified scenario, which indicates that the exclusion was successful.

    Excluded scenarios

    To include the scenario in the security assessment again, select the scenario in the same way and select "Add to scan targets."