Web Application Security - GE.com

Web Application Security © 2020 General Electric Company


Contents

Web Application Security

Web Application Security Service Overview

Getting Started with Tinfoil Web Application Security

Creating a Web Application Security Service Instance

Using Web Application Security

Using the Web Application Security Service


Copyright GE Digital

© 2020 General Electric Company.

GE, the GE Monogram, and Predix are either registered trademarks or trademarks of General Electric Company. All other trademarks are the property of their respective owners.

This document may contain Confidential/Proprietary information of General Electric Company and/or its suppliers or vendors. Distribution or reproduction is prohibited without permission.

THIS DOCUMENT AND ITS CONTENTS ARE PROVIDED "AS IS," WITH NO REPRESENTATION OR WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF DESIGN, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. ALL OTHER LIABILITY ARISING FROM RELIANCE UPON ANY INFORMATION CONTAINED HEREIN IS EXPRESSLY DISCLAIMED.

Access to and use of the software described in this document is conditioned on acceptance of the End User License Agreement and compliance with its terms.


Web Application Security

Web Application Security Service Overview

As an Org Admin, learn how Tinfoil's Web Application Security service can help you bring security testing and tools into the DevOps testing arsenal.

Note: This service is available for use by Org Admins only.

Tinfoil's Web Application Security service simplifies the security process, bringing security into DevOps teams. Development teams are hundreds to thousands strong, while security teams are vastly smaller. These development teams have tests for functional bugs using tools such as unit tests and integration tests, but there is little or no testing of security issues. Tinfoil brings security tools into this process without adding any new burden or platforms to learn.

Tinfoil's dynamic heuristic testing allows DevOps teams to find more web application vulnerabilities than competing products, and with fewer false positives. Tinfoil regularly incorporates new tests and always scores higher than any other scanner on industry standard benchmarks. Web Application Security is the only scanner tested to have found every vulnerability with a zero false positive rate. To see the most recently published results, check out http://sectoolmarket.com.

Whether integrating the Web Application Security API into a system or viewing vulnerability data on our website, you will find no hangups and no jargon because our mission is to simplify the vulnerability reporting and fixing process. We will give you how-to-fix instructions complete with code snippets, tailored to the language you used to write your application. Any engineer can effortlessly find and fix the root cause of a vulnerability, regardless of their prior security experience. Integrations allow us to fit right into the developer’s workflow, so we never break them out of the builder’s mindset.

To see details about using Tinfoil Web Application Security service, see https://www.tinfoilsecurity.com and http://support.tinfoilsecurity.com.


Getting Started with Tinfoil Web Application Security

Creating a Web Application Security Service Instance

Org Admins can use this service for access to Tinfoil Security instance accounts.

Before You Begin

Note: This service is available only to Org Admins.

Create your Service

As an Org Admin, you can create a service for access to the Tinfoil Security site.

1. Sign in to your Predix account at https://www.predix.io.
2. Navigate to the Catalog > Services tab, and click the Web Application Security service tile.
3. Click Subscribe on the required plan.
4. On the new Service Instance page, enter the following information:

   Field                   Description
   Org                     Select your org.
   Space                   Select the space for your application.
   Service instance name   Specify a unique name for your instance.
   Service Plan            Select a plan.

5. Click Submit to display the console page.
6. Click the link provided in the console page to open the Tinfoil Security site:

   https://www.tinfoilsecurity.com/predix/saml/init
7. Log in with your Predix credentials.

Using Cloud Foundry Commands to Create your Service Instance (optional)

Some users prefer to use the Cloud Foundry commands.

Procedure

1. List the services in the Cloud Foundry marketplace.

cf marketplace

The Web Application Security service, web-application-security, is listed as an available service.

2. Create a Web Application Security service instance.

cf create-service web_application_security <plan> <my_web_application_security_instance>

where:


• <plan> is the plan associated with a service. Use <plan-type> for the web-application-security service.

3. Open this link: https://www.tinfoilsecurity.com/predix/saml/init
4. Log in with your Predix credentials.


Using Web Application Security

Using the Web Application Security Service

Enhance your DevOps security suite with these Tinfoil security tools:

• https://www.tinfoilsecurity.com/enterpriseoverview.pdf
• https://www.tinfoilsecurity.com/support
