Dynamic Analysis

Audience: Administrator, AppSec manager, Developer, Security leader

For an overview of the main Dynamic Analysis products, watch Dynamic Analysis in the Veracode Platform.

To quickly run your first Dynamic Analysis using DAST Essentials (free trial), see the quickstart.

Prerequisites

Learning objectives

Upon completion of this module, you'll be able to:

  • Create and run a Dynamic Analysis in the Veracode Platform.
  • Review security findings in the Veracode Platform.
  • Prioritize, mitigate, and remediate findings in the Veracode Platform.

Scan your web application or API
~30 min

Learn how to create and run a Dynamic Analysis, configure a login script to access specific areas of your application, and link the results to an application profile.

  1. Create an unauthenticated web application scan
    ~5 min
  2. Configure login settings for a web application scan
    ~4 min
  3. Create an API specification scan
    ~9 min
  4. Optional. To scan behind a firewall, install Internal Scanning Management (ISM) endpoints
    ~7 min
  5. Manually link results to an application profile
    ~4 min

Review and download findings
~8 min

Learn how to review findings and download reports.

The following videos use results from a Static Analysis, but the review workflow is the same for Dynamic Analysis results. On the Triage Flaws page, the Path column shows the source code path to a Static Analysis finding. For Dynamic Analysis findings, the Path column shows the scanned URL where the finding exists.

  1. Review findings
    ~4 min
  2. Download reports
    ~4 min

Work with findings
~30 min

Learn how to plan for and prioritize findings you need to fix, verify fixes, and mitigate findings you will not fix.

  1. Develop a remediation plan
    5 min
  2. Prioritize findings to fix
    ~4 min
  3. To verify fixes, rescan your application
    ~10 min
  4. Mitigate findings you will not fix
    ~8 min

Next steps