WAS — Environments Overview
Overview
The Environments module centralizes key-value pairs that define:- Base URLs for the application under test
- Additional operational variables needed during scanning
- Vulnerable test environments for security validation workflows
Environment Types
Production Environment
Contains variables used for scanning your real application such as production URLs or API keys.
Vulnerable Environment
Defines controlled vulnerable systems (e.g., DVWA, custom vulnerable APIs) for training or validation.
Production Environment
Production Environment — Variable Configuration
- Key — Name of the variable (e.g.,
url) - Type — Default or custom category
- Value — Assigned environment value (e.g.,
https://apiv2.shiprocket.in)
Vulnerable Environment
Vulnerable Environment — Variable Configuration
- Security training and demonstrations
- Validating exploit detection rules
- Regression testing after rule updates
- Key — Variable identifier (e.g.,
vuln_base_url) - Value — URL of vulnerable host (e.g.,
http://54.234.21.239)
Key Actions Available
Add Variable
Create new environment variables for production or vulnerable targets.
Edit Variable
Modify existing key-value pairs to adjust application or test URLs.
Delete Variable
Remove unused or deprecated environment entries.
When to Use the Environments Page
Manage URLs Across Scans
Centralize base URLs instead of manually entering them for each scan.
Configure Vulnerable Test Labs
Set up training or testing environments for rule and detection evaluation.
Support Multi-Stage Deployments
Switch between QA, staging, or production setups easily.
Simplify Rule Execution
Rules automatically pull the correct values from environment variables.
Next Steps
Configure Rules
Define detection logic that leverages environment variables for scanning.