This section is a simple demo that walks through the basic ThreadFix setup and functionality after having set up ThreadFix per our Installation and Upgrade Guide and starting Tomcat.
Accessing the Login Page
After launching Tomcat for the first time after ThreadFix deployment, ThreadFix will connect to your database server and populate the schema. This can take several minutes; you can monitor the progress via the <threadfix_deploy>/logs/threadfix.log file...look for a "Finished updating Enterprise Tags" entry to signal that the deployment is complete. Try accessing the login page to verify.
Example deployment URL...
If you deployed the ThreadFix artifact in the <catalina_home>/webapps/threadfix directory, your ThreadFix URL, by default, would be your Tomcat URL plus "/threadfix" at the end. For instance, If you connect to Tomcat at http://my.tomcat.server:8080, your ThreadFix URL would be http://my.tomcat.server:8080/threadfix.
| Note |
|---|
If the login prompt does not render correctly in Internet Explorer, ensure that Compatibility View is disabled. E.g., you may need to disable the "Display intranet sites in Compatibility View" setting. |
Logging In
You can log in with the following default credentials:
- Username: user
- Password: password
| Warning |
|---|
After logging in for the first time, you should either change the default user's username and password or create a new local admin user and delete the default. For more info, refer to the User Administration section. |
Dashboard
After logging in, you'll be presented with the Dashboard.
In order to be able to upload a scan, you'll need to create at least one team and at least one application within that team...you'll see a Get started link to help you do so.
Create Team
When clicking the Get started link in the Dashboard, you'll be directed to the Teams page and presented with a New Team modal dialog prompting you to name the team you want to create.Type a team name and Portfolio page, where you need to click the Add Team button.
Type the desired team name in the New Team modal dialog and click the Add Team button.
A success banner will appear back in the Teams Portfolio page, and your new team will be listed.
Create Application
To create an application in your new team, expand it and click the Add Application button to the right of below the team name.
A New Application modal dialog will appear; fill out at least the Name field for the purposes of this demo.
A success banner will appear; you can expand the team to see the newly-created application.
Upload Scan
(Sample scan file: w3af-demo-site.xml)
Click Expand the application and click the Upload Scan button to open an Upload Scan dialog.
You can either drag and drop a scan file into the dialog or click Browse to navigate to the file.
Alternately, you can click on the application's link to navigate to its Application Details page and either drag and drop a scan file into it or click Action→Upload Scan to open the same dialog shown above.
The uploaded scan will be put into a queue. You can check its progress in the Application Details page...
- A banner at the top will indicate that changes are pending.
- Clicking the Scans tab below the Vulnerability Trending report will show a processing x scan(s) banner .Clicking the processing banner will expand it to show the queued and processing scansscan upload being executed.
When complete, a the banner at the top will indicate as such; click the banner it to refresh the page, which will show the result of the uploaded scan.
| Table of Contents |
|---|