Introduction:
Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline.
webbreaker
WebBreaker truly enables all members of the Software Security Development Life-Cycle (SDLC), with access to security testing, greater test coverage with increased visibility by providing Dynamic Application Security Test Orchestration (DASTO). Current support is limited to the World’s most popular commercial DAST product, WebInspect.
WebBreaker System Architecture
Supported Features
+ Command-line (CLI) scan administration of WebInspect with Foritfy SSC products.
+ Jenkins Continuous Deployment support
+ Docker container support
+ Email alerting or notification.
+ Extensible event logging with scan administration and results.
+ WebInspect REST API support for v9.30 and later.
+ Fortify Software Security Center (SSC) REST API support for v16.10 and later.
+ WebInspect scan cluster support between two (2) or greater WebInspect servers/sensors.
+ Capabilities for extensible scan telemetry with ELK and Splunk.
+ GIT support for centrally managing WebInspect scan configurations.
+ Python compatibility with versions 2.x or 3.x
Installation:
git clone https://github.com/target/webbreaker export PATH=$PATH:$PYTHONPATH python setup.py install --user webbreaker webinspect --login_macro=some_login_macro --start_urls=example.com --scan_policy=Standard --scan_start=url --allowed_hosts=foo.example.com bar.example.com webbreaker webinspect --url=https://some.webinspect.server.com --settings=MyCustomWebinspectSetting --scan_policy=Application --scan_name=some_scan_name
Source: https://github.com/target