Dynamic Application Security Testing (DAST)

img

Introduction#

The Dynamic Application Security Testing (DAST) is a type of automated security test that aims to analyze the behavior of the application, handling the sending of requests to the server in search of possible vulnerabilities.

Advantages#

All results found by the DAST tool will be available to users on the Conviso Platform, making it easier to manage the vulnerability correction process. Your enterprise will get more control over the process and will be able to ensure that the entire correction flow is carried out following the market best practices.

Requirements#

In order to use the DAST Scan, you will need:

  • A web application;
  • An URL to this web application that is reachable from Conviso Platform;

Creating a New Asset#

Log in to the Conviso Platform;

On the Menu to the left, choose Assets Management. At the panel to the left, click on the drop-down list + New Asset:

img

On the drop-down list, choose Add Manually:

img

At the field Name, label your new asset as you wish. Then, click on the Advanced options button:

img

note

Your web application URL must be accessible from Conviso Platform!!!

At the URL field, type the URL of the asset you want to scan:

img

You may want to provide some additional information for your new asset. Fill the corresponding fields of the form wit useful data. When done, click at the button Save at the end of the form:

img

Creating a New Scan Session#

On the main left panel of Conviso Platform, click on the Scans menu, then click on the New option:

img

Select the option DAST. From the drop-down list Asset, select the asset you just created. On the drop-down list Scan Profile, select Full Scan (Dynamic). When done, click on the Scan now button to start your scan:

img

Viewing Current DAST Scan Sessions#

In order to track your current scan sessions, click on the Scans Menu option on the main left panel, then click on the Listing submenu option.

Your current scan sessions will be exhibited. You can filter your scans by status, using the drop-down list labeled Status, query your scans using the Search button or stop your scan at any time, by clicking on the Trash icon to the right of the scan:

img

Scheduling DAST Scans#

In order to schedule new scan sessions, click at the Scans menu option at the main left panel, then click on the Scheduled Scans submenu. On the panel to the right, click on the + New Scheduled Scan button:

img

Select the DAST option on the Scan Type section of the form. From the drop-down list labeled Asset, choose the asset that will be scanned, and the Hour, Minute and Week Day when your DAST Scan will be performed. At last, on the drop-down list Scan Profile, select Full Scan (Dynamic). When done scheduling your DAST Scan, click on the button Send to schedule your Scan:

img

Reviewing Findings#

On the main left panel, click on the Findings menu:

img

Click on the DAST button on the Suggested Filters to filter your DAST scan results:

img