Application Security Platform
Get started

Whitelisting requirements for EU region

This document is for:
Invicti Platform

To ensure the proper functioning of cloud agents and integrations, configure inbound and outbound traffic rules to allow access to the URLs in this document. Correctly configuring network access is a prerequisite for successful and accurate scans of your targets.

These are the whitelisting configuration steps to consider:

  • Inbound connections
  • Outbound connections

Inbound connections

Your target accepting inbound connections

Ensure your target’s network infrastructure allows incoming scanning requests from:

Scope

EU-based customers

Incoming scanning requests

(from the cloud scanners)

scanners-platform-eu.invicti.com

Incoming scanning requests

(from the internal scanners)

IP Address of your Internal Scanning Agent(s)

Predictive Risk Scoring

52.0.216.190

Your integration server accepting inbound connections

Ensure your integration server's network infrastructure allows incoming connections for integration API calls.

Scope

EU-based customers

Integration API calls

3.69.209.29

18.194.203.224

If you have a dedicated environment, ensure access to the environment accordingly.

Outbound connections

Your browser outbound connections

Your browser might be behind an outbound firewall or web proxy, especially when connected to a corporate LAN or VPN. Ensure that your firewall, proxy, or VPN allows outbound connections to the Invicti Platform URL for your location.

Scope

EU-based customers

Browser access to Invicti Platform

https://platform-eu.invicti.com

Invicti Platform internal scanning agent outbound connections

If you have deployed an internal scanning agent, ensure your network infrastructure permits it to establish outbound connections to the following destinations:

Scope

EU-based customers

API calls to Invicti Platform

https://platform-eu.invicti.com        

API calls to the Invicti OOB service for out-of-band vulnerability checking

https://bxss.me

API calls to the safe browsing service

https://sb.bxss.me

API calls to the software composition analysis service

https://sca.invicti.com

Invicti OOB S3 bucket for out-of-band vulnerability checking

https://bxss.s3.dualstack.us-west-2.amazonaws.com

Downloading of update packages for the internal scanning agent & used by cloud and internal agents to send scan data into private S3 buckets

https://*.amazonaws.com

API calls to the Invicti IAST Bridge

https://iast.invicti.com

Scanning requests to your target

IP Address/URL for your target, including destination port

Target Application outbound connections

*If you have deployed an Invicti IAST agent in your target web application, ensure your network infrastructure permits it to establish outbound connections for API calls to the Invicti IAST Bridge URL for your location.

Scope

EU-based customers

Injected payload calls to the Invicti OOB service to provide evidence of out-of-band vulnerability detection.

https://bxss.me

*API Calls to the IAST Bridge

https://iast.invicti.com

Share This Article