# DAST Scans

{% embed url="<https://youtu.be/pCBPNFOjJn8>" %}

### DAST Scan or Website Scan from CloudDefense UI

In DAST scan we provide a website address for example <https://console.clouddefenseai.com> and DAST scanner will check for vulnerabilities on the provided target.To Start a new DAST Scan from UI follow below steps:

#### Step 1 : Login Cloud Defense console instance

Please login to your Cloud Defense by clicking [**here**](https://console.clouddefenseai.com/)

#### Step 2: Click on “Scan” on top and then select “Other”  <br>

<figure><img src="https://lh6.googleusercontent.com/MENFzDsw-hjyAZO40giTk3hOp1dRsMCSWc6pYpbRQo8RtzQlwf38ptnhbnUafUAFhcCeY0RYDUmkouZM6JBpioIL7Pii0Q3F2ZwNRfhBw83wMBkOds0s-fUWwMeuXkykUf1GxdFaouIP23U5_c4ZFv9B5goBRj_hzjoo4whW_jJzKr9g74mCObPHWg" alt=""><figcaption></figcaption></figure>

#### Step 3: After clicking on “Other” select “DAST”

<br>

<figure><img src="https://lh5.googleusercontent.com/X3n8zZsZvMAwOnHTAJlvPwhaSzmn3UMos6WXKXAXmuZyWudNixPeyXEuUC38yKNLO_QrFLtVy6UDzQI0wNg7UBmOSfGY0tAukuO9UeJETAT6ZtsMkCKc7TSL4Y0O1ZjmXI1b2LKzYh7ap5ayfwdV4mtH_yK6OUGFmSaC5QK1ssw0Hxen-YfC8Nf42Q" alt=""><figcaption></figcaption></figure>

**Step 4:  Now you can run a simple scan by just providing Resource URL**

<br>

<figure><img src="https://lh5.googleusercontent.com/7mGGYBT1I2MACcUfuZzx0hBQJlsOArEh26_aCb-ZSc6xyUu02Onj2V4aaK-BQtLkx7sXX_Fj0kKV2QtLek9N0dG2XulvrLVq_jPMFlJ4WUvJtsvsNidzT9M0xP2Rm_D2J_ZrCB3UVJkEKcG0Ol_VaK03JPq__tbnz_vJIm9rEP3rxQTiggWVVPk3Tg" alt=""><figcaption></figcaption></figure>

If you want more control over your scanning configuration and features then you can use **“Advanced options”**<br>

<figure><img src="https://lh6.googleusercontent.com/_RMAEF2J8gu9hGXmCVOaYVKjgSgGX-ur-Sx7Ne0Pn7IG2T3Xh0ETFnYkjeYQ0fuVeiHjQYvo9K6aSLKeYEcbjDsAHhybda55nmR9GOmlY6PPNohswZHyx-6RHenR8u64dQreH89XLHFc7lS02U53BPhGMtfo4JeKCUz_yYxb4wmYXnqBV79SJywCew" alt=""><figcaption></figcaption></figure>

1. **Resource URL** - Provide target address, example: <https://console.clouddefenseai.com&#x20>;
2. **Login URL** - Page where we can submit login credentials for example <https://website.com/login.php&#x20>;
3. **Submit field** - Name of Submit field which needs to be clicked automatically&#x20;
4. **Username** - This could be email, phone, username value which you use&#x20;
5. **Username field** - This is input field username’s name&#x20;
6. **Password** - This is part of your credential value&#x20;
7. **Password field** - This is input field password’s name&#x20;
8. **Proxy Host** - If your website is behind VPN and you have Proxy VPN Credentials for that, then provide Host from that credential&#x20;
9. **Proxy Port** - Provide Port number from your VPN Credentials&#x20;
10. **Scan Type** -&#x20;

&#x20;   a) **Website Scan** - This is the fastest scan and it scans websites without sending a lot of        requests to perform tests, you can also call it light-weight scan.&#x20;

&#x20;   b) **Deep scan** - This scan takes more time and sends a lot of requests to perform different kinds of vulnerability checks.

### DAST Scan from CLI

1. Install cdefense CLI in your Device using these steps - <https://github.com/CloudDefenseAI/cd#installation&#x20>;
2. Now run below command to run DAST Scan from CLI

`cdefense dast --api-key=<CLOUDDEFENSE_API_KEY> --url=https://website.com --project-name=example-website-scan --scan-type="full" --verbose`

\
\
\
\
\
\
\ <br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.clouddefenseai.com/scans/dast-scans.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.