ASPM v1.4.0
As the platform expands and matures, transparent and convenient plan management helps customers proactively try out and evaluate the solution.
FPT Smart Cloud introduces the DAST Integration feature — a solution that lets organizations:
- Connect APIs directly into the security platform
- Integrate DAST Scan into the CI/CD pipeline on the AppSec Service
With the provided sample scripts, users can:
- Automatically trigger scans on every build/deploy
- Actively monitor and retrieve scan results
→ Detect runtime vulnerabilities early, reduce the risk of shipping defects to production, and build an effective DevSecOps process.
📦 RELEASED FEATURES
1. DAST API Integration Management
📝 Description
Provides the DAST API Integration List screen to manage the full lifecycle of API integration and DAST scanning.
⚙️ Features
- Manage Authentication Profile
- View / Create / Edit
- Domain Ownership Verification
- Manage API Source:
- Add / Enable / Disable / Delete
- Retrieve CI/CD Scan Script
Displayed information
- Profile Name
- Domain Access
- Access Key (show/hide, reset)
- Ownership status
- Added At
- Actions
- Search by Profile Name and Domain
📊 Capacity
- Supports multiple profiles / API Sources
- Suitable for large API systems
- Integrates with multiple CI/CD pipelines in parallel
⚡ Performance
- Fast loading on large datasets
- Realtime search
- Does not interrupt running scans
2. Add Authentication Profile
📝 Description
Configure authentication credentials so DAST can send valid requests to the API.
⚙️ Features
- Create profile directly
- Configure Domain Access
- Authentication support:
  - Query params (≤5)
  - Headers:
    - Bearer Token
    - Basic Auth
    - Cookie
    - Custom Header (≤5)
- Smart validation:
  - No duplicate keys
  - Disable option when the limit is reached
  - Domain validation
- Domain status:
  - Not verified → Verify Now
  - Verified → Verified
📊 Capacity
- Multiple profiles per organization
- Supports complex auth schemes
- Scales for enterprise use
⚡ Performance
- Fast creation, optimized validation
- Smooth UI response
- Does not interrupt running scans
3. Edit Authentication Profile
📝 Description
Edit a profile without interrupting scans or pipelines.
⚙️ Features
- Edit in place (except Domain Access)
📊 Capacity
- Update multiple profiles
- Does not affect API Sources
⚡ Performance
- Fast updates
- No scan interruption
4. Verify Domain
📝 Description
Verify domain ownership to enable full DAST scanning.
⚙️ Features
- Verify via:
  - DNS TXT Record
  - HTML File Upload
- Results:
  - Success → Verified + Access Key generated
  - Fail → retry
- Auto-apply to the same root domain
📊 Capacity
- Reuse verification across profiles
- Supports multiple domains
⚡ Performance
- Async verification
- Fast response
- Does not interrupt scans
5. View API Source List
📝 Description
View and manage API Sources within each profile.
⚙️ Features
- Expand a profile to view its API Sources
- Displays:
  - Source Name
  - API Document / Swagger
  - Endpoint
  - Status (Active / Inactive)
- Actions:
  - Enable / Disable / Delete
  - View CI/CD Script
📊 Capacity
- Many API Sources per profile
- Suitable for large API systems
⚡ Performance
- Load on-demand
- Does not interrupt scans
6. Add API Source
📝 Description
Declare a Swagger source and endpoint for DAST API scanning.
⚙️ Features
- Create from a profile with a verified domain
- Supports:
  - Swagger URL
  - JSON upload
- Auto-parse:
  - Header / Path / Query params
- Displays IP whitelist
📊 Capacity
- Many APIs per profile
- Supports large systems
⚡ Performance
- Fast parsing
- Realtime updates
7. Enable / Disable API Source
📝 Description
Toggle an API Source without deleting it.
⚙️ Features
- Disable → type "disable"
- Enable → confirm popup
- Realtime status update
📊 Capacity
- No limit on toggles
⚡ Performance
- Instant updates
- No impact on other APIs
8. Delete API Source
📝 Description
Remove an API Source that is no longer in use.
⚙️ Features
- Type "delete" to confirm
- Stops all related scans
📊 Capacity
- Delete each API independently
⚡ Performance
- Fast processing
- No impact on the system
9. View CI/CD Scan Script
📝 Description
View and copy the cURL script for scan integration.
⚙️ Features
- Displays:
  - Team Name / Code
  - Access Key
- Script:
  - Trigger scan
  - Get result
- Quick-copy support
📊 Capacity
- Works in any environment (Test / Staging / Prod)
⚡ Performance
- Renders instantly
- No impact on scans
10. CI/CD Pipeline DAST Scan Integration
📝 Description
Integrate DAST scanning into the pipeline via API.