This topic describes the data in the DynamicMP Input worksheet included in the Discovery scan extract. Veracode generates this extract after you run a Discovery scan.
The DynamicMP Input worksheet provides data that might point to websites that were previously unknown to you and might be good candidates for a DynamicMP scan.
URL Structure Example
Top Level Domain
Determines if the host is a good candidate for a DynamicMP scan. Values are
The identifier assigned to each computer and another device, for example, printer, router, mobile device, connected to a TCP/IP network. An IP address locates and identifies a server behind the device or computer for communication purposes.
The DOM hash is a unique identifier to characterize the structure of the web page that the Discovery scan detects. Because the Discovery scan does not crawl the entire application, the DOM hash usually refers to the structure of the homepage or login page of that application.
A list of hostnames that are good candidates for DynamicMP because there is some confidence that this site is a responding website containing content or structure that might be open to security vulnerabilities. The calculation considers response code, confidence level, and DOM hash. Values are:
- Good: hostnames that have a
302response code, and have a confidence level of high or highest and have a unique DOM hash value. In the case of multiple websites with similar DOM hash, one of those hostnames is selected as a good candidate.
- Limited Results: hostnames that meet the same standards as a good candidate, but have the same DOM hash as one of the good candidates, which indicates they are duplicates of the good candidates and do not need to be scanned by DynamicMP. This list helps to optimize how much time you spend on public websites.
The registered name for the domain, or in the case where there is no registered name, the host is the IP address of the domain.
Possible values include a string that contains a domain and subdomain. It is also known as a fully-qualified domain name. In the previous example, subdomain.domain.com is the host.
HTTP status code or response code for the host. Values are
Also known as URL redirection or
HTTP direction, this redirect occurs when the hostname is a URL that the web server responds with when the engine is attempting to load another URL. For example, if the Discovery engine attempts to load
domain.com, the location redirect expects the web server to redirect to
example.domain.com, which is the hostname Veracode finds with a Discovery scan. The response code for a hostname that was found through location redirect returns a response code of
HTTP location header field is returned in responses from an HTTP server under these circumstances:
URL redirection requests a web browser to load a different web page. In this circumstance, send the location header with an
HTTP status code of
3xx. It is passed as part of the response by a web server when the requested URI has:
- Moved temporarily
- Moved permanently
- Processed a request
The responses provide information about the location of a newly created resource. In this circumstance, send the location header with an
HTTP status code of
In Input Range
Determines if the IP address of the hostname found by Veracode is in the input IP range or ranges you provided. Values are
In Input Domain
Determines if the hostname found by Veracode is in the input domains list you provided. The values are:
- Exact Domain Match: URL of the hostname found by Veracode matches one of the domains in the input domains list. In the previous example,
http://domain.comis an exact domain match.
- Subdomain Match: URL of the hostname found by Veracode matches one of the domains in the input domain list even if the URL contains a subdomain that was not provided to Veracode. For example,
sports.domain.commight be found from an input of
- No Domain Match: Veracode found this site, but it is not part of the input domains list. For example, if domain.com is the only input domain you provided and if the Discovery scan returned the finding of abc.com and
sports.example.com, those sites are classified as no domain match. You can view the Found by Display field to find the source of this finding.
- Host is an IP: hostname is an IP address. This value does not indicate if this IP address was also in the input IP range that you provided.
Copy Paste Column
This column provides the ability to copy the host list into a text editor to generate a standard input file for a DynamicMP scan.