Home
Best Practices Guide
Recommended best practices for implementing Seeker in your organization
Vulnerability Handling Guidelines
Recommendations and best practices for the handling of vulnerabilities detected in your applications.
Checker Configuration
You can substantially reduce the number of vulnerability detections without compromising on their significance just by fine-tuning the checker configuration.

Best Practices Guide
Recommended best practices for implementing Seeker in your organization
- Best Practices
  Rolling out a new security testing tool in any organization requires quite a bit of planning and preparation.
- Planning and Preparations
  Things to plan and prepare before starting an actual Seeker implementation.
- Server Deployment and Initial Setup
  Things to consider when planning your Seeker server deployment.
- Configuration and Integration Checklist
  Make the most of Seeker by fine-tuning its settings and integrating the external tools that complement its functionality.
- Securing Seeker Deployment
  Recommended measures that can help you secure your Seeker deployment.
- Application Onboarding Checklist
  Tasks to perform to enable Seeker to test your application for security vulnerabilities.
- Application Testing Guidelines
  Once you have onboarded your application, you need to generate activity and traffic in the application for Seeker to monitor. In most cases, this happens during regular manual or automated QA testing.
- Reviewing Test Results
  Review the results of security testing of your application and included third-party and open-source components, and handle the detected vulnerabilities.
- Vulnerability Handling Guidelines
  Recommendations and best practices for the handling of vulnerabilities detected in your applications.
  - Baselining
    Some useful techniques to prioritize vulnerability handling by distinguishing between the new and historical detections in your application.
  - Checker Configuration
    You can substantially reduce the number of vulnerability detections without compromising on their significance just by fine-tuning the checker configuration.
  - Remediation policies
    To streamline the handling of security vulnerabilities detected by Seeker, consider establishing phased remediation policies.
  - Vulnerability Lifecycle Management
    How Seeker manages vulnerability lifecycle stages and transitions between them.
  - Auto-Triage Vulnerabilities Using APIs
    How to use Seeker APIs to auto-triage vulnerabilities to a selected status.
- Maintenance
  To ensure your Seeker system's health, perform periodic maintenance tasks.
- Performance Optimization
  How to minimize the potential impact of Seeker operation on application performance.

Checker Configuration

You can substantially reduce the number of vulnerability detections without compromising on their significance just by fine-tuning the checker configuration.

Perform some typical testing activities to generate traffic in your application, and explore the collected results.

Investigate checker spikes

Take a close look at the checkers that generate unproportionally numerous results, for example, if you get 900 of Weak Hash checker detections out of 1000 detections.

Some of these checkers might be irrelevant for your use case. For example, many Insufficient SSL Enforcement detections when you are intentionally using HTTP rather than HTTPS in your test environment.

Tip:

You can disable such checkers for a project or project template, as described in Configure Vulnerability Checkers.

Review aggregation rules

Aggregation rules instruct Seeker how to aggregate multiple similar detections into one vulnerability. Their default settings might not be strong enough for particular checkers generating too many results, so you can try to fine-tune these rules.

For example, if you have a function that applies a weak hash algorithm such as MD5, you might find Weak Hash vulnerabilities reported for every single endpoint that uses this function. To avoid this, change the By endpoint aggregation condition to Disabled. As a result, all this checker's detections for different endpoints will be aggregated into one vulnerability.

For instructions, see Configure Aggregation Rules.