DAST Scans
Dynamic application security testing (DAST) is a process of testing an operating application or software product in order to identify potential security vulnerabilities and architectural weaknesses.
In a DAST scan, you provide a website address, for example https://console.clouddefenseai.com, and the DAST scanner checks the provided target for vulnerabilities. To start a new DAST scan from the UI, follow the steps below:
Please log in to your Cloud Defense account by clicking here
Step 4: Now you can run a simple scan by providing just the Resource URL
If you want more control over the scan configuration and features, you can use “Advanced options”:
Resource URL - The target address, for example https://console.clouddefenseai.com
Login URL - The page where login credentials are submitted, for example https://website.com/login.php
Submit field - Name of the submit field that needs to be clicked automatically
Username - The email, phone number or username value that you log in with
Username field - Name of the username input field
Password - The password part of your credentials
Password field - Name of the password input field
Proxy Host - If your website is behind a VPN and you have proxy VPN credentials for it, provide the host from those credentials
Proxy Port - The port number from your VPN credentials
Scan Type -
a) Website Scan - This is the fastest scan. It scans the website without sending a lot of requests to perform tests, so you can also call it a lightweight scan.
b) Deep scan - This scan takes more time and sends a lot of requests to perform different kinds of vulnerability checks.
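The Username field, Password field and Submit field options expect the name attributes used by the login form at the Login URL. The following is an added example, not CloudDefense code, that extracts those names from a login page; the sample HTML, its field names and the helper find_login_fields are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample login page (hypothetical field names, not a real site).
SAMPLE_LOGIN_HTML = """
<form action="/login.php" method="post">
  <input type="hidden" name="csrf_token" value="constructed">
  <input type="email" name="user_email" placeholder="Email">
  <input type="password" name="user_pass">
  <input type="checkbox" name="remember">
  <button type="submit" name="login_btn">Sign in</button>
</form>
"""

class LoginFormFields(HTMLParser):
    """Records, per <form>, the names of its username, password and submit controls."""
    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per <form> seen
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"username_field": None, "password_field": None, "submit_field": None}
            self.forms.append(self._current)
            return
        if self._current is None or tag not in ("input", "button"):
            return
        # HTML defaults: <input> is type=text, <button> is type=submit.
        kind = (a.get("type") or ("submit" if tag == "button" else "text")).lower()
        name = a.get("name")
        if kind == "password":
            self._current["password_field"] = name
        elif kind == "submit":
            self._current["submit_field"] = self._current["submit_field"] or name
        elif kind in ("text", "email", "tel") and self._current["password_field"] is None:
            # Keep the last text-like input that appears before the password input.
            self._current["username_field"] = name

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def find_login_fields(html):
    """Return the field names of the first form containing a password input, else None."""
    parser = LoginFormFields()
    parser.feed(html)
    return next((f for f in parser.forms if f["password_field"]), None)

if __name__ == "__main__":
    print(find_login_fields(SAMPLE_LOGIN_HTML))
```

Hidden inputs and checkboxes are skipped, and a form without a password input (such as a search box) is not treated as the login form.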
Install the cdefense CLI on your device using these steps - https://github.com/CloudDefenseAI/cd#installation
Now run the command below to start a DAST scan from the CLI:
cdefense dast --api-key=<CLOUDDEFENSE_API_KEY> --url=https://website.com --project-name=example-website-scan --scan-type="full" --verbose