Home
Administration Guide
Administration, configuration, and management tasks needed for the optimal use of Seeker
Project Administration
Management and configuration tasks that Seeker administrators can perform for projects.
Configure Project Features
Customize the way Seeker handles a project by configuring its various features.
Configure Authentication Validation
Authentication validation can discover API endpoints that do not perform an authentication check.

Administration Guide
Administration, configuration, and management tasks needed for the optimal use of Seeker
- System Administration
  Seeker provides a set of tools that enable administrators to configure, customize, and fine-tune various features and capabilities of the system, as well as integrate external tools.
- User Administration
  Introduces the Seeker role-based access control (RBAC) concept, and outlines the user administration tasks.
- Project Administration
  Management and configuration tasks that Seeker administrators can perform for projects.
  - Add a Project
    To start monitoring an application, add a project, and activate it by connecting an Agent.
  - Edit a Project
    Edit project properties.
  - Manage a Project
    Perform project managements tasks, such as delete a project, create a project template, and manage a composite project.
  - Manage Project Membership
    Control access to project-related operations by managing project membership.
  - Configure Project Settings
    To customize Seeker's behavior for a project, configure various project settings.
  - Configure Project Features
    Customize the way Seeker handles a project by configuring its various features.
    - Configure Active Verification
      Define how to apply Active Verification to the requests generated by an application.
    - Configure Authentication Validation
      Authentication validation can discover API endpoints that do not perform an authentication check.
    - Configure Active Inspection
      Instruct Seeker to actively discover and inspect unused and empty request parameters using unsafe content, as well as untested endpoints and APIs.
    - Configure Cross-Project Analysis
      Seeker enhances data flow analysis by an ability to track unsafe data across projects.
    - Configure Data Flow Map
      Enable Seeker users to explore their application's real-time interactions with other resources, such as databases and internal or external services.
    - Configure Endpoint Discovery
      Enable Seeker to discover all the declared and visited inbound endpoints in applications, such as APIs and application pages, to present a visual overview of their test coverage on the Endpoint Risk page.
    - Configure Project Version Management
      Project version management enables Seeker to automatically detect the application version and assign the detected vulnerabilities to this version.
    - Configure Tracking Unsafe Data from External APIs
      Applications often trust data received from external APIs without validating their safety. Seeker helps you ensure the safe consumption of external APIs by treating their responses as unsafe data.
    - Configure Maximum Connected Agents
      Optimize your application performance by limiting the number of simultaneously connected Agents.
    - Configure Stack Trace Capturing
      Optimize your application performance by configuring the capturing of data flow stack traces for vulnerability detections in a project.
    - Configure Sampling
      Configure how the Agents should monitor identical requests.
    - Configure Suspending Agent on High Resource Usage
      Safeguard your application performance by automatically suspending Agent operation on high CPU/memory usage.
    - Configure Activity Monitoring
      Configure Seeker to monitor application activities.
    - Configure Automatic Project Creation in Composite Projects
      Enable the feature of automatic creation of regular projects within composite projects.
    - Configure Project Membership Inheritance in Composite Projects
      Facilitate user administration for composite projects.
    - Configure Software Composition Analysis
      Seeker integrates the composition analysis tools BDBA® and BDBA® (BDBA).
    - Configure Rapid Scan Static
      Configure Seeker to run Rapid Scan Static powered by the Sigma engine.
- Maintenance
  To ensure your Seeker system's health, perform periodic maintenance tasks.
- Using APIs
  Seeker provides a set of Web (REST) APIs that expose its basic functionality. You can use these APIs to automate various administration tasks, such as managing projects, exporting vulnerabilities or creating a diagnostic dump.
- Appendix A. Seeker Environment Variables
  Seeker uses a number of operating system (OS) environment variables and Java Virtual Machine (JVM) properties that administrators can configure to customize and fine-tune the behavior of Seeker server and Agents.

Configure Authentication Validation

Authentication validation can discover API endpoints that do not perform an authentication check.

In the main menu, click (Projects) and open a project that you want to configure.
Click Features.
In the Authentication Validation row, turn on the Enabled switch.

To exempt some requests and responses from validation, you must set up exclusion rules. Do as follows:

In the same row where you enabled Authentication Validation, click Configure exclusion rules.
To create a new rule, click Add exclusion rule. Click Edit to change an existing rule.

In the Create/edit exclusion rule page that opens, enter the following:

Table 1. Fields for creating exclusion rules
Option	Description
Request/response part	From the dropdown list, choose how you want to identify the endpoints to be excluded from this checker: Request path Request parameter Request header name
Pattern	Enter a pattern for matching paths, parameters, or headers of requests and responses you want to exclude. Endpoints that match this pattern will not be subject to the Authentication Validation checker.

Note: You can use an asterisk (*) as a wild card in a pattern. For example: com.mycompany.testapp.*.

Save your changes.

Create a sanitizer with the type Auth, using the instructions in this page: Configure Sanitizers and Validators.

Attention: A sanitizer is required for Authentication Validation to work properly.