Home
Best Practices Guide
Recommended best practices for implementing Seeker in your organization
Securing Seeker Deployment
Recommended measures that can help you secure your Seeker deployment.

Best Practices Guide
Recommended best practices for implementing Seeker in your organization
- Best Practices
  Rolling out a new security testing tool in any organization requires quite a bit of planning and preparation.
- Planning and Preparations
  Things to plan and prepare before starting an actual Seeker implementation.
- Server Deployment and Initial Setup
  Things to consider when planning your Seeker server deployment.
- Configuration and Integration Checklist
  Make the most of Seeker by fine-tuning its settings and integrating the external tools that complement its functionality.
- Securing Seeker Deployment
  Recommended measures that can help you secure your Seeker deployment.
- Application Onboarding Checklist
  Tasks to perform to enable Seeker to test your application for security vulnerabilities.
- Application Testing Guidelines
  Once you have onboarded your application, you need to generate activity and traffic in the application for Seeker to monitor. In most cases, this happens during regular manual or automated QA testing.
- Reviewing Test Results
  Review the results of security testing of your application and included third-party and open-source components, and handle the detected vulnerabilities.
- Vulnerability Handling Guidelines
  Recommendations and best practices for the handling of vulnerabilities detected in your applications.
- Maintenance
  To ensure your Seeker system's health, perform periodic maintenance tasks.
- Performance Optimization
  How to minimize the potential impact of Seeker operation on application performance.

Securing Seeker Deployment

Recommended measures that can help you secure your Seeker deployment.

Allow only secure connections to the server

By default, the Seeker server is configured to accept both HTTP and HTTPS communications. To strengthen the communication security, we recommend disabling HTTP connections by deleting or commenting out the corresponding entries in the server configuration file. For detailed instructions, see Customize Seeker Connection Settings.

Replace the self-signed certificate

The initial installation of Seeker provides a self-signed certificate to enable HTTPS connections on a dedicated port. By default, this port number is 8443, but you can customize it during or after an installation. While this certificate is enough for testing and training purposes, you should not rely on it for production usage. Instead, provide your own certificate and deploy it, as described in Configure HTTPS Certificates.

Integrate with your enterprise identity provider

Seeker provides a local account system for the manual creation and maintenance of users and groups. Additionally, Seeker can integrate with LDAP/Active directory or SAML IdPs (identity providers) for user authentication. If your enterprise IdP supports one of these protocols, we recommend enabling this integration instead of managing local accounts on the Seeker server. This way you will be taking advantage of all the capabilities of your IdP, for example, two-factor authentication.

For detailed instructions, see Configure LDAP/Active Directory, Configure SAML 2.0-based SSO.