Feb 5, 2024

A Getting Started Guide to Veracode DAST Essentials

By Jenny Buckingham

The Critical Role of Dynamic Application Security Testing (DAST)

Web applications are one of the most common vectors for attacks, accounting for over 40% of breaches, according to Verizon's Data Breach Report. Dynamic application security testing (DAST) is a crucial technique used by development teams and security professionals to secure web applications in the software development lifecycle.

In fact, Veracode's State of Software Security Report reveals that 80% of web applications have critical vulnerabilities that can only be found with a dynamic application security testing solution. But modern software development practices prioritize tight deadlines. The demand is for faster releases without introducing vulnerabilities, making it difficult for teams to prioritize security. Security testing needs to work and scale within your DevOps speed and release frequency. 

Getting Started with Veracode DAST Essentials

Veracode DAST Essentials is a dynamic application security testing tool that is easy to set up and rapidly scans your web applications and APIs for critical runtime vulnerabilities. Seamless integration into automated pipelines helps you deploy new features quicker, without disruption, and with peace of mind.

Unlike static application security testing, Veracode DAST Essentials simulates real-world attacks, mimicking the actions of malicious attackers to uncover exploitable vulnerabilities that could compromise your application's security. By mirroring real attackers' techniques, Veracode DAST Essentials helps you identify and address weaknesses that other security testing solutions may overlook. 

In this blog, we'll walk you through the process of setting up your account (for free, no credit card required!), configuring scan targets, and interpreting results. Whether you're a seasoned developer or a security professional, this blog will help you get started with Veracode DAST Essentials quickly. 

Step 1: Sign Up for Your Free Trial

To begin using Veracode DAST Essentials, sign up for a free, 14-day trial. Once you've created your account and set up your username and password, you can start scanning right away. 

 

If you're already a Veracode Dynamic Analysis customer, simply log in to the Veracode platform with your credentials and access Veracode DAST Essentials under "Scans & Analysis." 

Step 2: Create Your Scan Target

After logging in, you'll be redirected to the Veracode DAST Essentials home screen. Under your Target Lists, click on the "Add Target" button and select your target type: web application or API. 

Next, provide specific details about your scan target. Add a descriptive target name and select the related protocol (HTTP or HTTPS). Enter the target URL or IP address that you want to scan. Optionally, you can specify a team name to better organize your scan targets.

Click "Next" to proceed. 

Step 3: Select & Start Your Scan

Veracode DAST Essentials offers a "Quick Scan" option that provides rapid results in as little as 5 minutes. To proceed with a quick scan, ensure that your organization has the necessary rights to scan the content, then click "Next". If you require more comprehensive and in-depth scan capabilities, feel free to contact Veracode to explore how additional scan options can be added to your free trial experience.

Once you've configured your scan preferences, it's time to start your scan. Click on the "Run Analysis" tab to begin your scanning process. If needed, you can further customize your scan settings in the "Configure" tab.