Dynamic application security testing (DAST) is the process of testing a running application or software product to identify potential security vulnerabilities and architectural weaknesses.
In a DAST scan, you provide a website address, for example https://console.clouddefenseai.com, and the DAST scanner checks the provided target for vulnerabilities.
To start a new DAST scan from the UI, follow the steps below:
Step 4: Now you can run a simple scan by providing just the Resource URL.
If you want more control over your scanning configuration and features, you can use “Advanced options”:
- 1. Resource URL - Provide the target address, for example: https://console.clouddefenseai.com
- 2. Login URL - The page where login credentials are submitted, for example https://website.com/login.php
- 3. Submit field - The name of the submit field that needs to be clicked automatically
- 4. Username - This could be the email, phone, or username value that you use
- 5. Username field - The name of the username input field
- 6. Password - The password part of your credentials
- 7. Password field - The name of the password input field
- 8. Proxy Host - If your website is behind a VPN and you have proxy VPN credentials for it, provide the host from those credentials
- 9. Proxy Port - Provide the port number from your VPN credentials
- 10. Scan Type -
    a) Website Scan - This is the fastest scan. It scans websites without sending a lot of requests to perform tests, so you can also call it a lightweight scan.
    b) Deep scan - This scan takes more time and sends a lot of requests to perform different kinds of vulnerability checks.
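The Username field, Password field and Submit field options take the `name` attributes of your login form's inputs. The following added example (not CloudDefense code; the class and function names and the sample HTML are constructed for illustration) extracts them from a saved copy of your own login page using only the Python standard library. It assumes the form is present in the served HTML rather than rendered by JavaScript.

```python
from html.parser import HTMLParser

# Constructed sample login page (not taken from any real site).
SAMPLE_LOGIN_HTML = """
<form action="/search" method="get"><input type="text" name="q"></form>
<form action="/login.php" method="post">
  <input type="hidden" name="csrf_token" value="constructed">
  <input type="email" name="user_email">
  <input type="password" name="user_pass">
  <button type="submit" name="do_login">Sign in</button>
</form>
"""

class FormCollector(HTMLParser):
    """Collects (type, name) for every input/button inside each <form>."""
    def __init__(self):
        super().__init__()
        self.forms, self._fields = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._fields = []
            self.forms.append({"action": a.get("action", ""), "fields": self._fields})
        elif tag in ("input", "button") and self._fields is not None:
            # HTML defaults: <button> is type=submit, <input> is type=text.
            ftype = (a.get("type") or ("submit" if tag == "button" else "text")).lower()
            self._fields.append((ftype, a.get("name")))

    def handle_endtag(self, tag):
        if tag == "form":
            self._fields = None

def dast_login_fields(html):
    """Return the field names of the first form with a password input, else None."""
    collector = FormCollector()
    collector.feed(html)
    for form in collector.forms:
        fields = form["fields"]
        pw = next((i for i, (t, _) in enumerate(fields) if t == "password"), None)
        if pw is None:
            continue  # not a login form (search box, newsletter signup, ...)
        # Username: nearest text-like input before the password input.
        user = next((n for t, n in reversed(fields[:pw])
                     if t in ("text", "email", "tel") and n), None)
        submit = next((n for t, n in fields if t == "submit" and n), None)
        return {"login_path": form["action"], "username_field": user,
                "password_field": fields[pw][1], "submit_field": submit}
    return None
```

Calling `dast_login_fields(SAMPLE_LOGIN_HTML)` on the constructed sample returns `user_email`, `user_pass` and `do_login`, the values that would go into the three field options.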
- 1. Install the cdefense CLI on your device using these steps - https://github.com/CloudDefenseAI/cd#installation
- 2. Now run the command below to run a DAST scan from the CLI
cdefense dast --api-key=<CLOUDDEFENSE_API_KEY> --url=https://website.com --project-name=example-website-scan --scan-type="full" --verbose