Dynamic analysis (DAST) is a vital part of all application security programs. Effective application security secures software throughout its entire lifecycle — from inception to production. With the speed of today’s development cycles — and the speed with which software changes and the threat landscape evolves — it would be foolish to assume that code will always be 100 percent vulnerability-free after the development phase. Code in production will always need to be tested or, in some cases, patched. Dynamic analysis plays an important role in ensuring that security spans from left to right in the SDLC.

Veracode provides dynamic scanning using a best-in-class engine that provides speed, accuracy of results, and scale. You can submit large batches of URLs for authenticated scans and expect results you can trust within a timeframe that matches your development cycles.

To ensure the most thorough coverage possible, you want authentication to go smoothly. Here are five key things to keep in mind to set yourself up for dynamic scanning success:

  1. Prescan: Always allow time to run a prescan to check your authentication and ensure your connection is stable.
  2. If you are using login scripts, always use Selenium IDE to create them.
  3. Schedule scans to occur when you know that the sites will be up (e.g., not during a maintenance window, or leverage the Pause & Resume feature), and when there is lighter traffic.
  4. If you want support for advanced frameworks (Angular, React) or single page applications, select the advanced mode option for scanning to ensure thorough coverage.
  5. Take advantage of app linking: You can link the results from a dynamic analysis to an application profile to evaluate the results against policy, and see the results for all types of scans of the application aggregated in a single report.

Learn more about Veracode Dynamic Analysis on our web site. Or, get more details on the above five tips on running dynamic scans in our Veracode Community, including how-to videos.

Bhavna Sarathy is a Principal Product Manager for the Veracode Web Application Scanning product line. Bhavna was instrumental in building the new Veracode Dynamic Analysis as the lead Product Manager, translating vision to execution. Bhavna enjoys building new products that delight security-conscious customers, and is adept at driving cross-functional teams toward common product portfolio goals. Bhavna has 20+ years experience in IT commercial software and 8+ years in product management and strategy. Bhavna holds masters' degrees in Computer Science and Electrical Engineering from The Ohio State University.

 

 

contact menu