Find vulnerabilities before cyber criminals exploit them.

Dynamic Analysis (DAST)

Dynamic Application Security Testing (DAST), or “black-box” testing, identifies architectural weaknesses and vulnerabilities in your running web applications before cyber criminals can find and exploit them.

If you’re like most businesses, your goal is to ensure applications are secure both before and after they’ve shipped. To help, DAST:

  • Takes the same approach as cyber criminals when probing the attack surface, such as deliberately supplying malicious data to input fields of web forms and shopping carts.

  • Tests web applications in pre-production staging—using a virtual appliance for local scanning—as well as after they are released.

  • Identifies highly exploitable vulnerabilities such as SQL injection and Cross-Site Scripting. It also finds runtime issues that can’t easily be found by looking at code in its offline state via SAST, such as authentication issues, server misconfiguration issues and vulnerabilities that are only visible when you log in as a known user.

Veracode Dynamic Application Scan Types

DynamicDS (Deep Scan): The simplest and fastest way to secure all your web applications without requiring additional resources. Provides a comprehensive deep scan that identifies web application vulnerabilities using both authenticated and non-authenticated scans, including attack vectors such as cross-site scripting (XSS), SQL injection, insufficiently protected credentials and information leakage.

DynamicDS also integrates its security intelligence with WAFs to enable rapid mitigation of critical vulnerabilities. This virtual patching approach enables WAFs to have the latest threat information on specific application vulnerabilities so they can better shield applications from exploits.

Virtual Scan Appliance (VSA): Enables deep scanning of web applications located behind the firewall, such as pre-production testing of web applications before they’re deployed. Also protects critical applications from insider attacks or attacks by malicious outsiders who gain access to insider credentials. Results are consolidated with other security information through our centralized cloud-based platform.

DAST complements other techniques such as SAST and manual penetration testing to find vulnerabilities in web applications at runtime. Our end-to-end solution starts with discovery, proceeds to baseline scanning of thousands of applications in parallel, continues with deep scanning — and enables continuous, ongoing monitoring to maintain your security posture. DAST also delivers security intelligence to your existing WAFs to enable rapid mitigation via virtual patching.