Add External Email Subscribers in Web App Scanning
Objective
This article covers external email subscribers in F5® Distributed Cloud Web App Scanning. The feature lets you add external team members or consultants as recipients of email notifications about completed penetration tests, even if they are not users of F5® Distributed Cloud Web App Scanning. Each notification includes a link to download a PDF version of the completed penetration test, so external parties can review the results without access to the F5® Distributed Cloud Web App Scanning platform.
Prerequisites
To follow the steps in this guide, you must have already set up an application in F5® Distributed Cloud Web App Scanning. When you set up a new application, a test profile called Default Profile is automatically created with a set of default settings. However, you can create additional profiles if needed.
Adding a New Email Subscriber
To add a new email subscriber to a test profile, follow these steps:
- Navigate to the application you have set up in F5® Distributed Cloud Web App Scanning.
- Click on Edit (this requires at least User-level rights for the selected application).
- Click on Profiles.
- Select the profile to which you would like to add the email subscriber.
- Scroll to the Email Subscribers section.
- Click Add in the Email Subscribers section.
- Enter the email address of the subscriber.
- Click Submit.
After completing these steps, your new subscriber will be added to the list. The next time a penetration test using the selected test profile is completed, the subscriber will receive an email with a link to download a PDF version of the penetration test report. The subscriber does not need to have a user account in F5® Distributed Cloud Web App Scanning and will not need to log in to access the report. Instead, a unique key embedded in the email link allows the recipient to follow the link and download the PDF report directly.
The unique key in the link is valid for seven days from the time of notification and will automatically expire after this period.
Note: Treat the link as confidential. It grants access to the complete penetration test report, including technical details about vulnerabilities identified during the test.
Unsubscribing from Email Notifications
If a subscriber wishes to unsubscribe from email notifications, they can simply click the unsubscribe link included in the email. This will automatically remove them from the subscriber list, and they will no longer receive notifications. To resubscribe, they must contact someone with User-level rights for the relevant application.
F5® Distributed Cloud Web App Scanning complies with the RFC 2369 standard and includes a List-Unsubscribe header in email notifications sent to external subscribers. This enables easy unsubscription using an email client that supports the standard.
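For mail administrators who want to confirm that a received notification carries a usable List-Unsubscribe header, the following added example (not F5 code) parses the RFC 2369 header from a raw message. The sample message, its hostnames and key are constructed placeholders, and the allow-list of `https` and `mailto` schemes is this example's own assumption.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample notification. Hostnames, addresses and the key are
# placeholders, not values taken from the product.
SAMPLE = (
    "From: Scan Notifications <notifications@scanner.example>\n"
    "To: consultant@partner.example\n"
    "Subject: Penetration test completed\n"
    "List-Unsubscribe: <https://scanner.example/unsubscribe?key=PLACEHOLDER>,\n"
    " <mailto:unsubscribe@scanner.example?subject=unsubscribe>\n"
    "\n"
    "Your report is ready.\n"
)


def list_unsubscribe_uris(raw_message):
    """Return the URIs from every List-Unsubscribe header, in order."""
    msg = message_from_string(raw_message)
    uris = []
    for value in msg.get_all("List-Unsubscribe", []):
        # RFC 2369: a comma-separated list of URIs, each enclosed in angle
        # brackets. Whitespace inside the brackets (for example from header
        # folding) is ignored; text outside the brackets is treated as comment.
        for inner in re.findall(r"<([^<>]*)>", str(value)):
            uris.append(re.sub(r"\s+", "", inner))
    return uris


def check_notification(raw_message):
    """Return a list of findings; an empty list means the header looks usable."""
    uris = list_unsubscribe_uris(raw_message)
    if not uris:
        return ["no List-Unsubscribe URI found"]
    findings = []
    for uri in uris:
        # Assumption of this example: only https and mailto are acceptable.
        if urlsplit(uri).scheme.lower() not in ("https", "mailto"):
            findings.append(f"unexpected scheme in {uri!r}")
    return findings


if __name__ == "__main__":
    print(list_unsubscribe_uris(SAMPLE))
    print(check_notification(SAMPLE))
```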
Alternatively, a User-level user can manually remove a subscriber from the list via the test profile's settings page.
For further assistance, please contact our support team.