Dynamic Analysis

Audience: Administrator, AppSec manager, Developer, Security leader

For an overview of the main Dynamic Analysis products, watch Dynamic Analysis in the Veracode Platform.

To quickly run your first Dynamic Analysis using DAST Essentials (free trial), see the quickstart.

Prerequisites

• You have a user account and an application profile.

Learning objectives

Upon completion of this module, you'll be able to:

• Create and run a Dynamic Analysis in the Veracode Platform.
• Review security findings in the Veracode Platform.
• Prioritize, mitigate, and remediate findings in the Veracode Platform.

Scan your web application or API
~15 min

Learn how to create and run a Dynamic Analysis, configure a login script to access specific areas of your application, and link the results to an application profile.

1. Create an unauthenticated web application scan
   ~5 min
2. Configure Dynamic Analysis login settings
   ~4 min
3. Manually link results to an application
   ~4 min

Review and download findings
~8 min

Learn how to review findings and download reports.

The following videos use results from a Static Analysis, but the review workflow is the same for Dynamic Analysis results. On the Triage Flaws page, the Path column shows the source code path to a Static Analysis finding. For Dynamic Analysis findings, the Path column shows the scanned URL where the finding exists.

1. Review findings
   ~4 min
2. Download reports
   ~4 min

Work with findings
~30 min

Learn how to plan for and prioritize findings you need to fix, verify fixes, and mitigate findings you will not fix.

1. Develop a remediation plan
   5 min
2. Prioritize findings to fix
   ~4 min
3. Rescan your application to verify fixes
   ~10 min
4. Mitigate findings you will not fix
   ~8 min

Next steps

• Learn more about DAST Essentials and Dynamic Analysis.
• Learn more about managing findings.
• Explore the Veracode integrations or visit the Community Integrations.