WebBreaker - Dynamic Application Security Test Orchestration | HACK4NET

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline.

WebBreaker truly enables all members of the Software Security Development Life-Cycle (SDLC), with access to security testing, greater test coverage with increased visibility by providing Dynamic Application Security Test Orchestration (DASTO). Current support is limited to the World's most popular commercial DAST product, WebInspect.

System Architecture

Supported Features

Command-line (CLI) scan administration of WebInspect with Foritfy SSC products.
Jenkins Continuous Deployment support
Docker container support
Email alerting or notification.
Extensible event logging with scan administration and results.
WebInspect REST API support for v9.30 and later.
Fortify Software Security Center (SSC) REST API support for v16.10 and later.
WebInspect scan cluster support between two (2) or greater WebInspect servers/sensors.
Capabilities for extensible scan telemetry with ELK and Splunk.
GIT support for centrally managing WebInspect scan configurations.
Python compatibility with versions 2.x or 3.x

Quick Local Installation

Install WebBreaker from github.com.

git clone https://github.com/target/webbreaker
export PATH=$PATH:$PYTHONPATH
python setup.py install

NOTE:

As with any Python application pip is required for install and execution.
Include your site-packages, if they are not declared export PATH=$PATH:$PYTHONPATH.
WebBreaker is compatible with Jenkins Global Environmental variables or other custom parameterized strings in Jenkins can be passed, for example --scan_name=${BUILD_TAG}.

Github Project