DAST Settings
General
On General (fig. 6.18), you can set parameters for subsequent scans:
- specify URL to attack
- set up scan priority
- select the agent to execute the scan
- specify URLs to be excluded from analysis
- select scan mode (adjusts scanner aggressiveness depending on analysis goals and resource allocation):
  - standard - the standard scanning mode, focused on vulnerability detection without attacking the application
  - aggressive - an aggressive mode that allows for both scanning and executing attacks on the application
  - active attack - the active attack mode, where the application is attacked from the very beginning of the scan
- select authorization method and provide credentials for resources requiring authentication
- configure AJAX spider usage (using the AJAX spider takes more time for the analysis to complete, but produces more comprehensive results)
- if needed, set up an AJAX spider timeout (use this setting when scanning time is limited)
- specify the URL of an OpenAPI definition (using an OpenAPI definition produces targeted results in accordance with the provided definition)
- fill in the template with endpoints and their values if the URL contains variables (an API definition is required for this feature)
Figure 6.18: General
On User Roles, grant access to the project to other system users and configure their set of roles within the project.
On Task Manager, link Jira projects to the DerScanner project (see Linking a DerScanner project to a Jira project).
Autoscan
To make long-term project management more convenient, you can set up automatic scanning. To set it up, provide the app's URL and authentication data (if needed), and configure a schedule.
Figure 6.19: Autoscan on schedule
Project Management
You can edit a project's data, archive it, or delete it on the Project Management page. Archived projects remain in the system and can be restored. To delete a project without the possibility of recovery, click Delete Project and confirm the action.
Figure 6.20: Project Management