
 

 

DAST


 

Dynamic application security testing (DAST) is the process of testing a running application or software product to identify potential security vulnerabilities and architectural weaknesses.

 

VirSec DevSecOps DAST scans are performed against a running application using our fully packaged Docker image, with no additional software installation. Make sure the following prerequisites are in place before running the scans.

 

PREREQUISITES

  1. Install CLI

  2. Install Docker if not already present

    1. Version 1.8X or greater

 

NOTE: Your source code doesn't leave your environment. Virsec DevSecOps doesn't store it or have any kind of access to it.

 

Example  

 

Run the following command from your console:

vsp_defense dast --api-key=<YOUR_API_KEY> --url="application url" --project-name="my-python-project"

 

 

Run the following command for URLs with authentication:

vsp_defense dast --api-key=<YOUR_API_KEY> \
--url="application url" --project-name="my-python-project" \
--login-url=https://<application url>/login \
--username-field=<username-field> \
--username=<emailaddress> \
--password-field=password \
--password=<password> \
--auth-type=<auth-type>

 

 

 

 

 

 

To enter the password securely, use the --W option:

 

vsp_defense dast --api-key=<YOUR_API_KEY> \
--url="application url" --project-name="my-python-project" \
--login-url=https://<application url>/login \
--username-field=<username-field> \
--username=<emailaddress> \
--password-field=password \
--W \
--auth-type=<auth-type>

 

 

 

 

 

 

Example

 

vsp_defense dast \
--project-name="PROJECT NAME" \
--api-key="YOUR API KEY" \
--url="https://sandbox.clouddefenseai.com" \
--login-url="https://sandbox.clouddefenseai.com/login" \
--username-field=mat-input-1212 \
--username=<emailaddress> \
--password-field=mat-input-1000 \
--password=<YOUR PASSWORD> \
--auth-type=automatic

 

 

 

 

 

 

How to get Username and Password ID / Fields

 

 Options for URLs with authentication

 

| Options | Value | Required | Description |
|---|---|---|---|
| --url | string | Yes | application url |
| --api-key | uuid | Yes | YOUR_API_KEY |
| --project-name | string | Yes | application name |
| --login-url | string | Yes | The login page URL |
| --username-field | string | Yes | The username field name (these are usually email or username) |
| --password-field | string | Yes | The password field name |
| --username | string | Yes | The username to log in with |
| --password, --W | string | Yes | The password to log in with |
| --urls-to-include | string | No | If the login URL is different from the application URL, set this value (use a comma (,) to pass multiple values) |
| --urls-to-exclude | string | No | URLs to exclude from scanning; these are usually logout URLs (use a comma (,) to pass multiple values) |
| --auth-type | string | No | Defaults to token; supported types are token and cookie |
| --message | string | No | |
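The following wrapper is an added example, not vendor code. It assembles the authenticated scan from the options in the table above, passes --W instead of --password=, and comma-joins logout URLs for --urls-to-exclude. The environment variable names and the DAST_DRY_RUN switch are hypothetical. Reading the API key from the environment keeps it out of shell history and committed scripts, though it still appears in the process argument list while the scan runs.

```shell
#!/bin/sh
# Added example, not vendor code. Uses only vsp_defense flags shown on this page.
# The environment variable names and DAST_DRY_RUN are hypothetical.

dast_scan() {
    # Refuse to run with an incomplete configuration.
    for var in VSP_API_KEY DAST_URL DAST_PROJECT DAST_LOGIN_URL \
               DAST_USER_FIELD DAST_PASS_FIELD DAST_USER; do
        eval "val=\${$var:-}"
        [ -n "$val" ] || { echo "missing required setting: $var" >&2; return 1; }
    done

    # --W replaces --password=..., so the password never appears in this script.
    set -- dast \
        "--api-key=$VSP_API_KEY" \
        "--url=$DAST_URL" \
        "--project-name=$DAST_PROJECT" \
        "--login-url=$DAST_LOGIN_URL" \
        "--username-field=$DAST_USER_FIELD" \
        "--username=$DAST_USER" \
        "--password-field=$DAST_PASS_FIELD" \
        --W

    # Optional: logout URLs, given space-separated, are passed comma-separated.
    if [ -n "${DAST_EXCLUDE:-}" ]; then
        set -- "$@" "--urls-to-exclude=$(printf '%s' "$DAST_EXCLUDE" | tr -s ' ' ',')"
    fi

    # Dry run: print one argument per line with the API key masked, then stop.
    if [ -n "${DAST_DRY_RUN:-}" ]; then
        for arg in "$@"; do
            case "$arg" in
                --api-key=*) printf '%s\n' "--api-key=<redacted>" ;;
                *) printf '%s\n' "$arg" ;;
            esac
        done
        return 0
    fi

    vsp_defense "$@"
}
```

Set DAST_DRY_RUN=1 to review the assembled arguments before launching a scan; the key is masked in that output so it can be pasted into a ticket or CI log.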

 

 
