Frequently asked DAST questions
  • What checks are performed in a scan?
    Minimum checks will include the most current Open Web Application Security Project (OWASP) Top 10 Application Security Risks.
    • Injection
    • Broken Authentication
    • Sensitive Data Exposure
    • XML External Entities
    • Broken Access Control
    • Security Misconfiguration
    • Cross-Site Scripting
    • Insecure Deserialization
    • Using Components with known vulnerabilities
    • Insufficient Logging and Monitoring
  • What do DAST scan results look like?
    • Figure: example of vulnerabilities reported by a DAST scan.
  • How is the attack surface determined?
    • Based on the requests collected by the scan tool, the attack surface is derived from elements such as constant IDs, IDs passed as part of the URL, tokens, HTTP methods, and so on.
  • How are different endpoints identified?
    • A scan identifies web application endpoints by parsing routes and identifying their parameters. For example, if the main page is http://localhost:8080, the scan tool crawls all routes reachable from that page.
  • Will the scan tool detect a bad implementation from handwritten code?
    • The scan detects all common vulnerabilities, and most of them can be simulated in an application. For example, SQL injection is easy to simulate in code, so users can validate whether a scan detected it.
  • What types of authentication are supported?
    • Please refer to the scan CLI docs for more information.
    • Authenticated scans coming soon.
  • How can I scan an application hosted on my machine?
    • Scans run in a Docker container, so as long as the container can reach the host machine, the user can execute the scan against it. For example, to scan a local application running on a Mac on port 8080, use the URL http://docker.for.mac.localhost:8080.