
Conviso DAST

Introduction

Scan and protect your application with Conviso DAST, consolidating all your vulnerabilities and risks in the Conviso Platform.

At Conviso, we believe that AppSec goes beyond security tools, and we offer a comprehensive approach that includes consulting, training, and support services.

Usage

  1. The first step in running a DAST scan is to create an asset in the Conviso Platform. To do this, click on Asset Management in the side menu, then New Asset (1) and select Manual (2).

img

img

  2. An asset can be an application of your company, so let's call it My Application. Then, fill in the fields Business Impact (which indicates the asset's impact on your business), Data Classification (which indicates the sensitivity of the data), and Attack Surface (which indicates whether the application is exposed to the internet or not). Finally, in the URL field, enter the URL where the DAST will be executed and click Create.

img

  3. With the asset created, let's access it to schedule the DAST. To do this, click on its name.

img

  4. Now, click on the highlighted text below to schedule:

img

Select whether the DAST should be executed monthly or weekly, enter the day of the week, the execution time (in GMT-3), and the type of analysis.

If the Type of analysis is web, no additional options need to be considered. If the Type of analysis is API, you will need to specify the API format (SOAP, GraphQL, or OpenAPI). In this case, the URL should contain the API structure. Here is an example: https://swagger.io/docs/specification/basic-structure/.

  5. With the configuration complete, click Create, and your scheduling will be set up:

img

  6. A message indicating that the scheduling has been completed should appear on the screen:

img

  7. You can view information about the most recent scans of the asset, as well as monitor the current status, from the area indicated below:

img

  8. To view the DAST results, click on Vulnerabilities in the left side menu:

img

  9. To view more information about a specific vulnerability, click on the title:

img

  10. On this page, you can view the details of the vulnerability, such as severity, status, URL, request, response, description, solution, and reference.

img

Note

Once a vulnerability has been fixed, the next scan should detect this and automatically change the vulnerability's status to "Fixed".

With the above, you should be able to run DAST on the Conviso Platform.
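
The scheduling step above asks for an API format (SOAP, GraphQL, or OpenAPI) and a URL that contains the API structure. The following added example, which is not part of the Conviso documentation or tooling, is a local pre-check that classifies a response body into one of those three formats before you schedule the scan. The function name, the detection heuristics, and the sample bodies are assumptions constructed for illustration; this page does not specify what the platform itself accepts.

```python
import json
import re
import xml.etree.ElementTree as ET

WSDL_NAMESPACES = {"http://schemas.xmlsoap.org/wsdl/", "http://www.w3.org/ns/wsdl"}

def detect_api_format(body):
    """Return "OpenAPI", "SOAP", "GraphQL", or None if body is not an API definition."""
    text = body.lstrip("\ufeff \t\r\n")
    if text.startswith("{"):                      # JSON: OpenAPI/Swagger or GraphQL introspection
        try:
            doc = json.loads(text)
        except ValueError:
            return None
        if "openapi" in doc or "swagger" in doc:
            return "OpenAPI"
        data = doc.get("data")
        if "__schema" in doc or (isinstance(data, dict) and "__schema" in data):
            return "GraphQL"
        return None
    if text.startswith("<"):                      # XML: WSDL describing a SOAP service
        if "<!doctype" in text.lower():
            return None                           # refuse DTDs in untrusted XML (entity expansion)
        try:
            root = ET.fromstring(text)
        except ET.ParseError:
            return None
        namespace, _, local = root.tag.rpartition("}")
        if namespace.lstrip("{") in WSDL_NAMESPACES and local in ("definitions", "description"):
            return "SOAP"
        return None
    if re.search(r"^(openapi|swagger)\s*:", text, re.M):
        return "OpenAPI"                          # YAML form
    if re.search(r"^\s*(schema|type\s+Query)\s*\{", text, re.M):
        return "GraphQL"                          # schema definition language
    return None

# Constructed sample bodies, standing in for what the asset URL returns.
SAMPLES = {
    "openapi.yaml": "openapi: 3.0.3\ninfo:\n  title: My Application API\n  version: '1.0'\npaths: {}\n",
    "swagger.json": '{"swagger": "2.0", "info": {"title": "My Application", "version": "1"}, "paths": {}}',
    "service.wsdl": '<?xml version="1.0"?><definitions xmlns="http://schemas.xmlsoap.org/wsdl/" name="Svc"/>',
    "introspection.json": '{"data": {"__schema": {"queryType": {"name": "Query"}}}}',
    "schema.graphql": "type Query {\n  ping: String\n}\n",
    "login.html": "<!DOCTYPE html><html><body>Sign in</body></html>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:20} -> {detect_api_format(body)}")
```

A result of `None`, as for the constructed HTML login page, means the URL returns something other than an API definition, so it is worth checking the URL before choosing API as the type of analysis.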

Support

Should you have any questions or require assistance while using the Conviso Application Security Testing, feel free to contact our dedicated support team.

Resources

By exploring our comprehensive content, you’ll discover resources that will enhance your understanding of AppSec.

Securing customers CI/CD pipelines using Conviso CLI: This article presents the possibilities of using the Conviso CLI for your CI/CD pipeline.

Discover Conviso Platform!