
Discovery Scan results

After you run a Discovery Scan, the results are available as an Excel file in a ZIP file. You can download the ZIP file in the Veracode Platform, then extract the Excel file.

This section describes the results in the following worksheets:

Discovery Data

Website

The location connected to the internet, identified by the hostname of the URL that you normally see in a browser address bar. It can take many forms such as http://xyz.com, xyz.com, xyz.com/subdomain, or https://xyz.com:443.

Uniform Resource Locator (URL)

A URL is one type of Uniform Resource Identifier (URI), the generic term for all types of names and addresses that refer to objects on the internet. The term web address is a synonym for a URL that uses the HTTP or HTTPS protocol.

Hostname

A label assigned to a device connected to a computer network that is used to identify the device in various forms of electronic communication. On the internet, hostnames may have the name of a Domain Name System (DNS) domain appended, separated from the host-specific label by a period. In the latter form, some hostnames are also called domain names. If the domain name is completely specified, including a top-level domain of the internet, then the hostname is a fully qualified domain name.

Uniform Resource Identifier (URI)

A string of characters that identify a resource. Identifying a resource enables interaction with representations of the resource over a network, typically the internet, using specific protocols. Schemes specify a concrete syntax and associated protocols that define each URI. The most common form of URI is the Uniform Resource Locator (URL), frequently referred to informally as a web address.

Protocol

The special set of rules that endpoints in a telecommunication connection use when they communicate. Protocols specify interactions between the communicating entities.

Domain Name

The part of a network address that identifies the site as belonging to a particular domain.

Fully-Qualified Domain Name (FQDN)

The complete domain name for a specific computer, or host, on the internet. The FQDN consists of two parts, the hostname and the domain name. For example, an FQDN for a hypothetical mail server might be mail.college.edu. The hostname is mail and the host is located within the domain college.edu.

Subdomain

A subdomain is a domain that is part of a larger domain. The only domain that is not also a subdomain is a root domain. For example, west.example.com and east.example.com are subdomains of the example.com domain, which is a subdomain of the .com top-level domain (TLD).

Top-Level Domain

One of the domains at the highest level in the hierarchical Domain Name System of the internet. The top-level domain names are installed in the root zone of the name space. For all domains in lower levels, it is the last part of the domain name. For example, in the domain name www.example.com, the top-level domain is .com. The responsibility of managing most top-level domains is delegated to specific organizations by the Internet Corporation for Assigned Names and Numbers (ICANN), which operates the Internet Assigned Numbers Authority (IANA), and is responsible for maintaining the DNS root zone.

Internet Protocol (IP) Address

An identifier for a computer or device on a Transmission Control Protocol/Internet Protocol (TCP/IP) network. Networks using the TCP/IP protocol route messages based on the IP address of the destination.

Dashboard worksheet

This topic describes the data and graphs in the Dashboard worksheet included in the Discovery scan extract. Veracode generates this extract after you run a Discovery scan.

By the Numbers Data

Customer

Name of the organization.

Scan Date

Date the Discovery scan started.

Scan Start Date and Scan End Date

Dates the Discovery scan started and ended, in UTC format.

Scan Duration

Number of hours the Discovery scan machines were running. Start date and time is within 24 hours of the start date entered by the user. End date is either defined by the user in the Veracode Platform or when the Discovery scan engine cannot find any new hostnames.

Sites from All Confidences

Summary of statistics pertaining to websites that are below every confidence level. These sites might or might not belong to your organization.

Responding Sites (Hosts: Ports) Found

Number of websites, whether they have a URL or IP address as the hostname, found with a unique host/port combination. For example, Veracode considers http://xyz.com:8080 and https://xyz.com:443 to be two separate websites. In comparison, Veracode considers http://xyz.com:80 and xyz.com:80 to be the same website. In the second example, the host and port combinations are the same.

Unique Hosts Found

Number of websites found with unique hostnames.

Unique IPs

Number of unique IP addresses found by the Discovery scan. This metric provides an estimation of the size for the underlying web network supporting your externally facing applications.

Unique DOM structures found

Number of unique Document Object Model (DOM) structures found in the application. DOM structures are a key component underlying HTML web page structure. This method provides insights as to how many unique websites were found in the application during the Discovery scan.

Unique Server Platforms

Number of unique servers and server versions beneath the websites found in the Discovery scan.

Authenticated Sites Found

Number of websites found that have either HTTP-header or forms-based authentication on the homepage of those websites. These websites are generally considered the higher priority and higher risk websites, because they contain more sensitive user information.

Redirecting Sites Found

Number of websites found that pointed to another website. These websites responded with an HTTP response code in the 300 range.

Unique Sites Found

Number of unique websites found from the Discovery scan. The unique calculation is the most thorough, as it rules out duplicates based on both IP address and DOM hash. This is the best indicator of the total number of websites found in the Discovery scan.

Discovery Result/Coverage Visualizations Graphs

Site Confidence Breakdown

This graph illustrates the confidence that the sites belong to the user's organization. Values are High, Highest, and Medium High. A graph with a large percentage of High and Highest indicates that a large percentage of websites might have been unknown to the user and might require investigation.

Sites Contained Within Input IP Ranges

This graph illustrates whether the websites scanned had IP addresses provided by the user. A large percentage of No values might indicate a high number of websites were previously unknown to the user, and might require investigation.

Matching Input Registered Domains

Similar to the previous graph, this graph also indicates whether the websites found by the Discovery scan had any association to domains provided by the user. This graph breaks down the domains by match type:

  • Exact Domain Match: percentage of websites found that were domains provided by the user.
  • Host is an IP: percentage of websites found where the hostname is an IP address provided by the user.
  • Sub-domain Match: percentage of websites found where the subdomain had a domain name that matched one of the domains provided by the user.
  • No Match: percentage of websites with hostnames that matched none of the domain names provided by the user.

Users might not know or provide all domains that belong to their organization, but usually provide a more thorough list of IP addresses.

Discovery Plugin Summary

This graph illustrates the plugins found in the Discovery scan, broken down by function. The plugin types are:

  • DNS: uses DNS to search for domain names and resolve IP addresses. DNS stands for Domain Name System, which underpins the current internet infrastructure. Using the Input IP Addresses provided by the user, Veracode Discovery searches for the hostname associated with the IP address. Veracode uses the input domains provided by the user to confirm that the hostname has an IP address that is part of the input list, or was previously unknown to the user.
  • Hostlist: checks the domains provided by the user to make sure they still exist and provide a valid web response.
  • Web: crawls known websites to find web links that lead to other potential hostnames. These hostnames discovered by Veracode are usually links found on the original website located in the Found From Display field.
  • Brute-Forcer: uses a set of predefined keywords to find subdomains within discovered hostnames. There are many instances of standalone websites that are not easily found when crawling the user's known websites.
  • Bing: finds websites by using the Microsoft Bing search engine to identify possible hostnames related to the input IP address and domains list provided by the user.
  • Director: finds websites using subdomains provided by the user.
  • AXFR (Authoritative Transfer): finds websites by using a specific feature within DNS (inducing a zone transfer query). AXFR is a mechanism for replicating DNS data across DNS servers. If AXFR is turned on within your DNS servers, this plugin can find other websites hosted on related DNS servers. If websites are found, this hints at potential vulnerabilities with misconfigured DNS servers.

Site Port Usage

Percentage of websites using each port number. Not all ports found are standard web ports, which presents an opportunity to clean up the web infrastructure. Only 80 and 443 are standard web port numbers.

Site Response Codes Seen

Percentage of websites with each response code:

  • 1xx: informational
  • 2xx: success
  • 3xx: redirection
  • 4xx: client error
  • 5xx: server error

Site Authentication

This graph illustrates the percentage of websites with either HTTP Authentication, Forms-based Authentication, or No Authentication on the homepage of the website found. Any website with authentication on the homepage is considered higher priority because it can hold sensitive user information.

HTTP vs HTTPS Hosts

This graph illustrates the percentage of websites with various protocols. HTTP and HTTPS are standard web protocols. Some websites respond to both HTTP and HTTPS requests, and are classified under the HTTP HTTPS category. A high percentage of Non-Standard protocols may indicate an operational and security hazard. You may also find servers that appear to be websites and are running on non-standard protocols for the web that should not be externally facing.

Server Headers/Banners Top - 20

This graph illustrates the percentage of various servers underneath the websites found by a Discovery scan. This chart is useful because some servers have known vulnerabilities associated with them. These servers should not be running externally-facing websites and may pose application security risk.

Domains Needing Review worksheet

This topic describes the data and graphs in the Domains Needing Review worksheet included in the Discovery scan extract. Veracode generates this extract after you run a Discovery scan.

The Domains Needing Review worksheet contains a summary of the registered domains that you might need to review, including domains that you might need to add to the next Discovery scan to maximize coverage.

Domain

The domain of the application. The domain may be an IP address.

Host

The host of the domains under your application, usually an IP address.

IP Address

The IP address of the domain.

In Input Range

Determines whether the domain is in input range.

In Input Domain

Determines whether the hostname found by Veracode was in the input domains list provided by the user. The values are:

  • Exact Domain Match: the URL of the hostname found by Veracode matches one of the domains in the input domains list. In the example above, http://domain.com is an exact domain match.
  • Sub-domain Match: the URL of the hostname was found by Veracode and the domain in the URL matches one of the domains in the input domain list, even if the URL contains a subdomain that was not provided to Veracode. For example, sports.domain.com could be found from an input of domain.com.
  • No Domain Match: this site was found by Veracode, but was not part of the input domains list. For example, if domain.com was the only input domain provided by the user, the finding of abc.com and sports.example.com are classified as no domain match. View the Found by Display field to find the source of this finding.
  • Host is an IP: the hostname is an IP address. It is not an indication of whether this IP address was also in the input IP range provided by the user.

Open Ports

Open ports are ports that responded with a host. The most common values are 80, 8080, 443, and 8443.

Response Code

The response code for the site:

  • 1xx: informational
  • 2xx: success
  • 3xx: redirection
  • 4xx: client error
  • 5xx: server error

# of Web Apps

The number of web applications for the domain.

Action Items worksheet

This topic describes data in the Action Items worksheet included in the Discovery scan extract. Veracode generates this extract after you run a Discovery scan.

The Action Items worksheet lists the sites and network objects identified during Discovery scanning that might pose a security risk and require remediation.

Sites Potentially Transmitting Unencrypted Authentication Information

  • Identifies a list of any sites that are operating across unencrypted HTTP that return a server 200 message. This message indicates that the servers are present and listening. Information sent to these sites, including usernames and passwords, is not encrypted, and may be seen by outside parties.

  • Remediation: Implement encrypted communication over SSL. Disable unencrypted communication by default.

Sites Running On Potentially Non-Standard or Unanticipated Ports (> 443)

  • Identifies any site running outside of a standard web port and could indicate internal resources that might be exposed to the public internet.

  • Remediation: Verify if you want the sites to run on these ports. If necessary, decommission the sites.

Sites Discovered Via DNS Zone Transfer

  • Your hosting provider provides an option for specifying which DNS servers are responsible for resolving the URL. Because other information may be included in the transfer, you may want to prevent users from downloading the entire DNS table to find out which systems are running. This type of request should come from a legitimate source.

  • Remediation: Restrict DNS zone transfers through similar IP restrictions.

Potential externally exposed Dev / Staging sites

  • Identifies sites with prefixes that indicate they may be development or staging sites. These sites are frequently not as secure or up-to-date as production versions.

  • Remediation: Place your development and staging sites behind a firewall.

Sites With Older Copyright Dates

  • Identifies sites with most recent copyright dates older than 2010. Older copyright dates could indicate sites that have not been accessed recently. The sites may have outdated information or may be running less-secure applications.

  • Remediation: Determine if the site is still used or can be removed.

Sites Leaking Server Header Information Indicating Older Web Servers

  • Indicates that older versions of server tools are potentially vulnerable to an attack.

  • Remediation: Upgrade your server version. Do not list the server version in the HTTP response header.

Sites Located on IP Addresses Outside the Input List (Possibly Unknown) with Authentication

  • Indicates that visibility into your web assets exists. Sensitive systems require authentication.

  • Remediation: Determine if identified sites were known previously. A login on the site indicates that something of value exists on the page.

Sites Located on Domains Outside the Input List (Possibly Unknown) with Authentication

  • Indicates that a shadow IP registered a site that may not be known to the IT team.

  • Remediation: Determine if identified sites were known previously. A login on the site indicates that something of value exists on the page.

Potential externally exposed Printers

  • Indicates that your printers are exposed, potentially allowing someone to access them. This situation could result in spamming and make other parts of your network vulnerable.

  • Remediation: Set locks on your printer.

Sites That Resemble Default Web Server Pages

  • Indicates that most default web server pages are not particularly secure.

  • Remediation: Restrict access to only authorized users through firewalls, VPN, or other controls.

Sites with Response Codes Equal To 2XX Found With No Body Content Or No DOM

  • Identifies sites that returned no page content, but did not indicate any errors in returning a response. These sites could be unused placeholders, or some problem on the site is preventing content from rendering correctly.

  • Remediation: Determine if the page is needed. If not, remove, decommission or deprovision the page.
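The Action Items categories above that depend only on fields defined for the Discovery Data worksheet can be re-derived from exported rows, which is useful when you track remediation between scans. The following Python is an added example, not Veracode code: the row keys, the short category labels, and the sample rows are constructed for illustration, and the development/staging prefixes are an assumption because the page does not list the ones Discovery checks.

```python
import re

# Assumed naming patterns for dev/staging hosts (not taken from the page).
DEV_LABEL = re.compile(r"^(dev|staging|stage|test|qa|uat)(\d*|[-_].*)$")
YEAR = re.compile(r"\b(?:19|20)\d{2}\b")


def latest_copyright_year(value):
    """Most recent year in a 'Copyright Year' value, which may be a range."""
    years = [int(y) for y in YEAR.findall(str(value or ""))]
    return max(years) if years else None


def action_items(row):
    """Return the action item categories that apply to one exported row."""
    items = []
    code = row["response_code"]
    has_auth = row["authentication"] != "No Authentication"

    # Unencrypted HTTP that answers with a 200.
    if row["scheme"] == "http" and code == 200:
        items.append("unencrypted-http")
    # Port above the standard web ports (> 443).
    if row["port"] > 443:
        items.append("non-standard-port")
    # Host was found by the axfr plugin, so a zone transfer succeeded.
    if row["found_by"] == "axfr":
        items.append("dns-zone-transfer")
    # Leftmost label looks like a development or staging name.
    if DEV_LABEL.match(row["host"].split(".")[0].lower()):
        items.append("dev-or-staging")
    # Most recent copyright year is older than 2010.
    year = latest_copyright_year(row["copyright_year"])
    if year is not None and year < 2010:
        items.append("old-copyright")
    # Login present on a site outside the input IP ranges or input domains.
    if has_auth and row["in_input_range"] == "No":
        items.append("auth-outside-input-ips")
    if has_auth and row["in_input_domain"] == "No Domain Match":
        items.append("auth-outside-input-domains")
    # 2xx response with no DOM captured.
    if 200 <= code < 300 and not row["dom_hash"]:
        items.append("2xx-without-dom")
    return items


def triage(rows):
    """Map each host that has at least one action item to its categories."""
    result = {}
    for row in rows:
        items = action_items(row)
        if items:
            result[row["host"]] = items
    return result


# Constructed sample rows (documentation addresses and names only).
SAMPLE_ROWS = [
    {"host": "dev-portal.example.com", "scheme": "http", "port": 8080,
     "response_code": 200, "authentication": "Forms Authentication",
     "in_input_range": "No", "in_input_domain": "Sub-domain Match",
     "found_by": "web", "copyright_year": "2006-2008", "dom_hash": "a1"},
    {"host": "www.example.com", "scheme": "https", "port": 443,
     "response_code": 200, "authentication": "No Authentication",
     "in_input_range": "Yes", "in_input_domain": "Exact Domain Match",
     "found_by": "hostlist", "copyright_year": 2023, "dom_hash": "b2"},
    {"host": "intranet.example.net", "scheme": "https", "port": 443,
     "response_code": 204, "authentication": "No Authentication",
     "in_input_range": "No", "in_input_domain": "No Domain Match",
     "found_by": "axfr", "copyright_year": None, "dom_hash": ""},
]

if __name__ == "__main__":
    for host, items in triage(SAMPLE_ROWS).items():
        print(host, items)
```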

Discovery Data worksheet

This topic defines the data in the Discovery Data worksheet included in the Discovery scan extract. Veracode generates this extract after you run a Discovery scan. The findings might point to websites previously unknown to you.

URL structure example

URL

http://subdomain.domain.com:1234/

Protocol

HTTP

Hostname

subdomain

Domain name

domain.com

FQDN

subdomain.domain.com

Port

1234

Top Level Domain

com

Scheme

A scheme consists of a sequence of characters beginning with a letter and followed by any combination of letters, digits, plus symbol (+), period (.), or hyphen (-). Possible values include HTTP or HTTPS. Although schemes are case-insensitive, the canonical form is lowercase. Documents that specify schemes must use lowercase letters and include a colon following a scheme. In the previous example, the scheme is HTTP.

Host

The registered name for the domain, or in the case where there is no registered name, the host is the IP address of the domain. Possible values include a string that contains a domain and subdomain. It is also known as a fully-qualified domain name. In the previous example, subdomain.domain.com is the host.

Port

The protocol port you use to contact the server referenced in the fully-qualified domain name or host. The most common values are 80, 8080, 443, and 8443. View additional information on specific ports.

Open Ports

The ports that responded with a host. The most common values are 80, 8080, 443, and 8443.

IP Address

The identifier assigned to each computer or other device (for example, a printer, router, or mobile device) connected to a TCP/IP network. An IP address locates and identifies a server behind the device or computer for communication purposes.

Domain

The part of a network address that identifies it as belonging to a specific domain. When there is no registered domain name, the domain is the IP address. In the previous example, the domain is domain.com.

Wildcard Domain

The domains that match requests for any domain names including non-existing subdomains. In the previous example, the wildcard domain is a.domain.com.

Confidence Level

The probability that the site listed in each row in the table belongs to you. Values are:

  • Highest: Highest confidence sites contain both the domain and IP address that you supplied, which indicates Veracode has a very high confidence the site belongs to you.

  • High: High confidence sites contain either the domain or IP address that you supplied, which indicates Veracode has a high confidence the site belongs to you.

  • Medium High: Medium High sites contain a domain name that matches domains you provided on the input list. This status does not mean that you provided the entire URL in the input list. Medium High sites are prime candidates for you to investigate further because they were previously unknown to you.

  • Medium Low: Medium Low sites contain a domain that does not match any input you provided, but the IP address of the site matches the IP address you provided in the input list. Medium Low sites are prime candidates for you to investigate further because they were previously unknown to you.

  • Low: Low sites contain a domain that does not match any input you provided. The IP address of the site does not match the IP address you provided in the input list.

Scan Scope

Determines if the site is in the scope of the scan, based on two criteria:

  • The domain of the website is a partial match to one of the domains provided as input.
  • The IP address was unresolvable and exists within the IP range you provided as input for the Discovery scan.

For example, if you provide www.domain.com as input to a Discovery scan, Veracode matches all discovered hosts against the terms on your allowlist that it determined from the input. A Discovery scan might also find mobile.domain.com, or www.domainlabs.com because these sites partially match the domains in the approved allowlist. The site domain.jobs.com is considered out of scope with a value of False, because the approved allowlist matches against the subdomain, and not the domain itself.

In Input Range

Determines if the IP address of the hostname found by Veracode is in the input IP range or ranges you provided. Values include Yes or No.

In Input Domain

Determines if the hostname that Veracode found is in the input domains list you provided. Values are:

  • Exact Domain Match: URL of the hostname found by Veracode matches one of the domains in the input domains list. In the previous example, http://domain.com is an exact domain match.

  • Subdomain Match: URL of the hostname found by Veracode matches one of the domains in the input domain list even if the URL contains a subdomain that was not provided to Veracode. For example, sports.domain.com might be found from an input of domain.com.

  • No Domain Match: Veracode found this site, but it is not part of the input domains list. For example, if domain.com is the only input domain you provided and if the Discovery scan returned the finding of abc.com and sports.example.com, those sites are classified as no domain match. You can view the Found by Display field to find the source of this finding.

  • Host is an IP: Hostname is an IP address. This value does not indicate if this IP address was also in the input IP range that you provided.
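When you reconcile the extract against your own asset inventory, you can reproduce the In Input Range and In Input Domain values, along with the host/port rule that decides whether two URLs count as the same website. The following Python is an added example, not Veracode code: the function names are hypothetical, the input lists are constructed, and matching subdomains on a label boundary is an assumption about how the match is made.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed inputs standing in for the lists supplied to a scan.
INPUT_DOMAINS = ["domain.com"]
INPUT_RANGES = ["198.51.100.0/24"]


def split_site(url):
    """Return (scheme, host, port); accepts bare 'host:port' as well as URLs."""
    if "://" not in url:
        url = "//" + url  # give urlsplit a network location to parse
    parts = urlsplit(url)
    scheme = parts.scheme.lower() or None
    host = (parts.hostname or "").rstrip(".").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def site_key(url):
    """Host/port pair: two URLs with the same pair are the same website."""
    _, host, port = split_site(url)
    return host, port


def is_ip(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def in_input_domain(host, input_domains):
    """Return the In Input Domain value for a discovered hostname."""
    host = host.rstrip(".").lower()
    if is_ip(host):
        return "Host is an IP"
    domains = {d.rstrip(".").lower() for d in input_domains}
    if host in domains:
        return "Exact Domain Match"
    # Compare on a label boundary so notdomain.com is not treated as a
    # subdomain of domain.com (assumption; the page does not specify this).
    if any(host.endswith("." + d) for d in domains):
        return "Sub-domain Match"
    return "No Domain Match"


def in_input_range(ip, input_ranges):
    """Return Yes or No depending on whether ip falls in any input range."""
    addr = ipaddress.ip_address(ip)
    nets = (ipaddress.ip_network(r, strict=False) for r in input_ranges)
    return "Yes" if any(addr in net for net in nets) else "No"


def classify(url, ip, input_domains, input_ranges):
    """Combine both checks for one discovered URL and its resolved IP."""
    _, host, port = split_site(url)
    return {
        "host": host,
        "port": port,
        "in_input_domain": in_input_domain(host, input_domains),
        "in_input_range": in_input_range(ip, input_ranges),
    }


if __name__ == "__main__":
    for url, ip in [
        ("http://domain.com/", "198.51.100.10"),
        ("http://sports.domain.com:8080/", "198.51.100.20"),
        ("https://abc.com/", "203.0.113.7"),
        ("http://203.0.113.7/", "203.0.113.7"),
    ]:
        print(classify(url, ip, INPUT_DOMAINS, INPUT_RANGES))
```

A site that is a No Domain Match but Yes for the input range, or the reverse, is the kind of row to check against your inventory first.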

Found By Display

The Discovery scan technology that Veracode uses to find the specific hostname. Values are:

  • brute_forcer (subdomain): A plugin that uses a set of predefined keywords to find subdomains within discovered hostnames. There are many instances of standalone websites that are not easily found when crawling your known websites.

  • dns: Using the provided Input IP addresses, Discovery searches for the hostname associated with the IP address. Veracode uses the input domains that you provide to confirm that the hostname has an IP address that is part of the input list, or was previously unknown to you.

  • web: A plugin that crawls known websites to find URLs that can lead to other potential hostnames. These hostnames which Veracode discovers are usually links found on the original website located in the Found From Display field.

  • Bing: A plugin that uses the Microsoft Bing search engine to identify possible hostnames related to the input IP address and domains list you provide.

  • cert: A plugin that uses the SSL certificate to identify possible hostnames, and other information in the SSL certificate, for example, the Certificate Organization and Certificate Issued To values.

  • Director: Discovery splits subdomains and domains of known sites and uses these subdomains and domains to search for related domains.

  • axfr: A plugin that uses the DNS records behind websites found to find other unlinked websites that are most likely owned by you because they are hosted by DNS servers behind known websites. If websites are found with this plugin, it lists potential vulnerabilities with misconfigured DNS servers. AXFR is a mechanism for replicating DNS data across DNS servers. If you turn on AXFR within your DNS servers, this plugin can find other websites hosted on related DNS servers.

Found From

The URL that led Veracode to the associated URL in the hostname field. The hostname field can include subdomains of the Found From URL, or links on the web page of the Found From URL.

Server Header

The information passed in the HTTP header for the server field, which usually refers to the server name or any other information the website wanted to pass in the HTTP headers. Veracode finds this header during the scraping of the HTTP response from the hostname and usually refers to the web server that hosts this website.

Location Redirect

Also known as URL redirection or HTTP redirection, this redirect occurs when the hostname is a URL that the web server responds with when the engine is attempting to load another URL. For example, if the Discovery engine attempts to load domain.com, the location redirect expects the web server to redirect to example.domain.com, which is the hostname Veracode finds with a Discovery scan. The response code for a hostname that was found through location redirect returns a response code of 3xx.

The HTTP location header field is returned in responses from an HTTP server under two circumstances:

  • URL redirection requests a web browser to load a different web page. In this circumstance, send the location header with an HTTP status code of 3xx. A web server passes the location header as part of the response when the requested URI has:

    • Moved temporarily
    • Moved permanently
    • Processed a request
  • The responses provide information about the location of a newly created resource. In this circumstance, send the location header with an HTTP status code of 201 or 202.

Meta Redirect

An alternative to location redirect, meta redirect is the preferred way to redirect a user agent to a different page. You can redirect a user agent to a different page by a special rule in the web server, through JavaScript upon loading the web page or using a simple script on the web server. Metadata redirect is used because some users prefer not being shown one URL that takes them to a different URL.

HTTP Authentication

This authentication is also known as basic authentication, or HTTP header authentication, in the context of an HTTP transaction. Basic access authentication is a method for an HTTP user agent to provide a username and password when making a request. This method of authentication is commonly seen as a browser window that requires you to authenticate before loading the page.

Forms Authentication

This field provides an editable form that you can complete and submit to log in to some system or service within the application. This authentication is also known as login-forms authentication and it is the most common form of login authentication.

DOM Hash

The DOM hash is a unique identifier to characterize the structure of the web page that the Discovery scan detects. Because the Discovery scan does not crawl the entire application, the DOM hash usually refers to the structure of the homepage or login page of that application.

Site Fingerprint

The DOM hash plus the IP address of the site.

Site info

HTML Title Tag

The <title> tag is required in all HTML documents and it defines the title of the document. It also defines a title in the browser toolbar, provides a title for the page when you add it to favorites, and displays a title for the page in search engine results.

Possible values include any string of characters the site has within the <title> tag. This field is sometimes used to determine application owners because the title might include information about the site owner. For example, the title in the HTML of subdomain.domain.com might contain a brand or company name you own. This field, when paired with an unknown domain, can indicate if you are the owner of the site.

Certificate Organization

This value is the Common Name field in the Issued To section of the SSL certificate. The values of this field usually look like a domain name. SSL certificates provide secure encrypted communications between a website and an internet browser. SSL stands for Secure Sockets Layer, the protocol that provides the encryption.

The Discovery scan populates this field from the SSL certificate that is available when the site is on the HTTPS scheme, which is on port 443. This field, when paired with an unknown domain, can indicate if you are the owner of the site.

Certificate Issued To

In the Discovery scan, this value refers to the organization named in the Issued To section of the SSL certificate. The values of this field usually refer to an organization name. This field, when paired with an unknown domain, can indicate if you are the owner of the site.

Copyright Year

This value is populated from the copyright year or year range information within the copyright element in the HTML of the web page found in the Discovery scan. For users, this field is regularly found at the footer of the web page. This field can provide you information about sites that are older or have not been updated recently.

Copyright Data

This value refers to any information found in the copyright element in the HTML of the web page, excluding the copyright year. Normally, you can find this field regularly at the footer of the web page. This field, when paired with an unknown domain, can indicate if you are the owner of the site.

Admin

Time Found

Refers to the date and time stamp when the Discovery scan found the site.

Host Display

The fully-qualified domain name. This value combines the scheme and host of the site.

DynamicMP Candidate

A list of hostnames that are good candidates for DynamicMP because there is some confidence that this site is a responding website containing content or structure that might be open to security vulnerabilities. The calculation considers response code, confidence level, and DOM hash. Values are:

  • Good: Hostnames that have a 200, 301, or 302 response code, and have a confidence level of high or highest and have a unique DOM hash value. In the case of multiple websites with similar DOM hash, one of those hostnames is selected as a good candidate.

  • Limited Results: Hostnames that meet the same standards as a good candidate, but have the same DOM hash as one of the good candidates, which indicates they are duplicates of the good candidates and do not need to be scanned by DynamicMP. This list helps to optimize how much time you spend on public websites.
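The Good and Limited Results rules, and the Site Fingerprint used to count unique sites, can be applied to exported rows to build a deduplicated scan list. The following Python is an added example, not Veracode code: the row keys and sample rows are constructed, and two choices are assumptions because the page does not specify them, namely that the first host seen with a given DOM hash becomes the Good candidate and that hosts failing the criteria get no label.

```python
GOOD_CODES = {200, 301, 302}
GOOD_CONFIDENCE = {"high", "highest"}


def site_fingerprint(row):
    """Site Fingerprint: the DOM hash plus the IP address of the site."""
    return (row["dom_hash"], row["ip"])


def unique_site_count(rows):
    """Count sites after removing duplicates on both IP address and DOM hash."""
    return len({site_fingerprint(row) for row in rows})


def is_eligible(row):
    """Response code, confidence level and DOM hash criteria from the page."""
    return (
        row["response_code"] in GOOD_CODES
        and row["confidence"].strip().lower() in GOOD_CONFIDENCE
        and bool(row["dom_hash"])
    )


def label_candidates(rows):
    """Return {host: 'Good' | 'Limited Results' | None} in row order."""
    seen_hashes = set()
    labels = {}
    for row in rows:
        if not is_eligible(row):
            labels[row["host"]] = None  # assumption: no label when criteria fail
        elif row["dom_hash"] in seen_hashes:
            # Same page structure as an earlier Good candidate: a duplicate.
            labels[row["host"]] = "Limited Results"
        else:
            seen_hashes.add(row["dom_hash"])
            labels[row["host"]] = "Good"
    return labels


def scan_list(rows):
    """Hosts worth submitting for a scan: the Good candidates only."""
    return [host for host, label in label_candidates(rows).items() if label == "Good"]


# Constructed sample rows (documentation addresses and names only).
SAMPLE_ROWS = [
    {"host": "a.example.com", "ip": "198.51.100.10", "response_code": 200,
     "confidence": "Highest", "dom_hash": "h1"},
    {"host": "b.example.com", "ip": "198.51.100.10", "response_code": 301,
     "confidence": "High", "dom_hash": "h1"},
    {"host": "c.example.com", "ip": "198.51.100.12", "response_code": 200,
     "confidence": "Medium High", "dom_hash": "h2"},
    {"host": "d.example.com", "ip": "198.51.100.13", "response_code": 404,
     "confidence": "Highest", "dom_hash": "h3"},
    {"host": "e.example.com", "ip": "198.51.100.14", "response_code": 302,
     "confidence": "High", "dom_hash": "h4"},
]

if __name__ == "__main__":
    print(label_candidates(SAMPLE_ROWS))
    print("unique sites:", unique_site_count(SAMPLE_ROWS))
```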

Authentication Display

This field is true if either the HTTP authentication or forms authentication field is true. This field allows you to determine if you have authentication on your website. Values are:

  • HTTP Authentication
  • Forms Authentication
  • HTTP and Forms Authentication
  • No Authentication

Redirected Display

Determines if another website redirected the hostname. This field helps you determine if your multiple websites redirect to the same hostname. Values are:

  • Redirected
  • Not Redirected

Response Code Display

The textual representation of the HTTP status codes or response codes for the hostname. The associated numerical value of the status codes is located in the Response Code field.

Found From Duplicate

This field has useful values when the hostname is found in the Discovery scan, which is noted in the Found By field. If Veracode finds a hostname subdomain.example.com, because it was a link on example.com, then example.com is the value for this field. This field provides more assurance that the website belongs to you.

HTTP vs. HTTPS

A representation of the scheme of the hostname found in the Discovery scan. Values are:

  • HTTP
  • HTTPS
  • HTTP and HTTPS, which indicates that the same hostname responds to both schemes

Firefox Page Hash

This hash is the same DOM hash representation that was found in the DOM hash field when the HTTP request header contained a Firefox user agent before the website was loaded.

IE Page Hash

This is the same DOM hash representation that was found in the DOM hash field when the HTTP request header contained an Internet Explorer user agent before the website was loaded. This field might be useful if your website structure changes significantly based on the user agent field in the HTTP request header.

iPhone Page Hash

This hash is the same DOM hash representation that was found in the DOM hash field when the HTTP request header contained a mobile Safari user agent before the website loaded. This field might be useful if your website structure changes significantly based on the user agent field in the HTTP request header.

DynamicMP Input worksheet

This topic describes the data in the DynamicMP Input worksheet included in the Discovery scan extract. Veracode generates this extract after you run a Discovery scan.

The DynamicMP Input worksheet provides data that might point to websites that were previously unknown to you and might be good candidates for a DynamicMP scan.

URL structure example

  • URL: http://subdomain.domain.com:1234/
  • Protocol: HTTP
  • Hostname: subdomain
  • Domain Name: domain.com
  • FQDN: subdomain.domain.com
  • Port: 1234
  • Top Level Domain: com

DynamicMP Candidate

Determines if the host is a good candidate for a DynamicMP scan. Values are Yes or No.

IP Address

The identifier assigned to each computer or other device (for example, a printer, router, or mobile device) connected to a TCP/IP network. An IP address locates and identifies a server behind the device or computer for communication purposes.

DOM Hash

The DOM hash is a unique identifier to characterize the structure of the web page that the Discovery scan detects. Because the Discovery scan does not crawl the entire application, the DOM hash usually refers to the structure of the homepage or login page of that application.

DynamicMP Candidate

A list of hostnames that are good candidates for DynamicMP because there is some confidence that this site is a responding website containing content or structure that might be open to security vulnerabilities. The calculation considers response code, confidence level, and DOM hash. Values are:

  • Good: hostnames that have a 200, 301, or 302 response code, a confidence level of high or highest, and a unique DOM hash value. If multiple websites have a similar DOM hash, one of those hostnames is selected as a good candidate.
  • Limited Results: hostnames that meet the same standards as a good candidate, but have the same DOM hash as one of the good candidates, which indicates they are duplicates of the good candidates and do not need to be scanned by DynamicMP. This list helps to optimize how much time you spend on public websites.
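The DynamicMP Candidate rule described in both worksheets can be reproduced over exported rows to check which hosts end up on the scan list. This is an added example, not Veracode's code: the dictionary keys, the sample rows, treating "similar" DOM hashes as equal values, and keeping the first host seen for each hash are all assumptions.

```python
# Added illustration: key names and the first-seen tie-break are assumptions.
GOOD_CODES = {200, 301, 302}
GOOD_CONFIDENCE = {"high", "highest"}

# Constructed sample rows standing in for worksheet rows.
SAMPLE_ROWS = [
    {"host": "www.domain.com", "response_code": 200, "confidence": "Highest", "dom_hash": "a1"},
    {"host": "domain.com", "response_code": 301, "confidence": "High", "dom_hash": "a1"},
    {"host": "shop.domain.com", "response_code": 200, "confidence": "High", "dom_hash": "b2"},
    {"host": "old.domain.com", "response_code": 404, "confidence": "High", "dom_hash": "c3"},
    {"host": "dev.domain.com", "response_code": 200, "confidence": "Low", "dom_hash": "d4"},
]


def classify_candidates(rows):
    """Map each host to "Good", "Limited Results", or None (not a candidate)."""
    seen_hashes = set()
    result = {}
    for row in rows:
        eligible = (
            row["response_code"] in GOOD_CODES
            and row["confidence"].strip().lower() in GOOD_CONFIDENCE
        )
        if not eligible:
            result[row["host"]] = None
        elif row["dom_hash"] in seen_hashes:
            # Same page structure as an earlier Good host: a duplicate.
            result[row["host"]] = "Limited Results"
        else:
            seen_hashes.add(row["dom_hash"])
            result[row["host"]] = "Good"
    return result


def scan_list(rows):
    """Hosts worth sending to a DynamicMP scan, in worksheet order."""
    return [host for host, label in classify_candidates(rows).items() if label == "Good"]


if __name__ == "__main__":
    for host, label in classify_candidates(SAMPLE_ROWS).items():
        print(f"{host:20} {label}")
```

Hosts that come back as None are the ones to review by hand, since a non-responding or low-confidence host can still be an asset you own.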

Host

The registered name for the domain or, where there is no registered name, the IP address of the domain.

Possible values include a string that contains a domain and subdomain. It is also known as a fully-qualified domain name. In the previous example, subdomain.domain.com is the host.

Response Code

The HTTP status code or response code for the host. Values are 200, 301, or 302.

Location Redirect

Also known as URL redirection or HTTP direction. The hostname is the URL that the web server responds with when the Discovery engine attempts to load another URL. For example, if the Discovery engine attempts to load domain.com and the web server redirects to example.domain.com, then example.domain.com is the hostname Veracode finds with a Discovery scan. A hostname that was found through a location redirect has a response code of 3xx.

The HTTP location header field is returned in responses from an HTTP server under these circumstances:

  • URL redirection requests a web browser to load a different web page. In this circumstance, the location header is sent with an HTTP status code of 3xx. It is passed as part of the response by a web server when the requested URI has moved temporarily, moved permanently, or processed a request.
  • The response provides information about the location of a newly created resource. In this circumstance, the location header is sent with an HTTP status code of 201 or 202.

In Input Range

Determines if the IP address of the hostname found by Veracode is in the input IP range or ranges you provided. Values are Yes or No.

In Input Domain

Determines if the hostname found by Veracode is in the input domains list you provided. The values are:

  • Exact Domain Match: URL of the hostname found by Veracode matches one of the domains in the input domains list. In the previous example, http://domain.com is an exact domain match.
  • Subdomain Match: URL of the hostname found by Veracode matches one of the domains in the input domain list even if the URL contains a subdomain that was not provided to Veracode. For example, sports.domain.com might be found from an input of domain.com.
  • No Domain Match: Veracode found this site, but it is not part of the input domains list. For example, if domain.com is the only input domain you provided and if the Discovery scan returned the finding of abc.com and sports.example.com, those sites are classified as no domain match. You can view the Found by Display field to find the source of this finding.
  • Host is an IP: hostname is an IP address. This value does not indicate if this IP address was also in the input IP range that you provided.
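The four In Input Domain values can be reproduced when you cross-check the extract against your own domain inventory. The sketch below is an added example, not Veracode's matching logic; the function names and sample hosts are assumptions. It compares on a label boundary so that a look-alike such as notdomain.com is not counted as a subdomain of domain.com.

```python
import ipaddress
from urllib.parse import urlsplit


def extract_host(value):
    """Return the lowercase host from a URL or a bare hostname."""
    value = value.strip()
    if "//" not in value:
        value = "//" + value  # lets urlsplit treat a bare host as the netloc
    return (urlsplit(value).hostname or "").rstrip(".")


def classify_in_input_domain(found, input_domains):
    """Return the In Input Domain value for one found host (hypothetical helper)."""
    host = extract_host(found)
    try:
        ipaddress.ip_address(host)
        return "Host is an IP"
    except ValueError:
        pass
    domains = {extract_host(d) for d in input_domains}
    if host in domains:
        return "Exact Domain Match"
    # Require a leading dot: a plain suffix test would accept notdomain.com.
    if any(host.endswith("." + d) for d in domains if d):
        return "Subdomain Match"
    return "No Domain Match"


# Constructed sample data based on the hostnames used on this page.
INPUT_DOMAINS = ["domain.com"]
FOUND_HOSTS = [
    "http://domain.com",
    "sports.domain.com",
    "http://subdomain.domain.com:1234/",
    "abc.com",
    "sports.example.com",
    "notdomain.com",
    "192.0.2.10",
]


def classify_all(found_hosts, input_domains):
    return {h: classify_in_input_domain(h, input_domains) for h in found_hosts}


if __name__ == "__main__":
    for host, label in classify_all(FOUND_HOSTS, INPUT_DOMAINS).items():
        print(f"{host:36} {label}")
```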

Copy Paste Column

This column provides the ability to copy the host list into a text editor to generate a standard input file for a DynamicMP scan.