Dynamic Analysis
Audience: Administrator, AppSec manager, Developer, Security leader
For an overview of the main Dynamic Analysis products, watch Dynamic Analysis in the Veracode Platform.
To quickly run your first Dynamic Analysis using DAST Essentials (free trial), see the quickstart.
Prerequisites
- You have a user account and an application profile.
Learning objectives
Upon completion of this module, you'll be able to:
- Create and run a Dynamic Analysis in the Veracode Platform.
- Review security findings in the Veracode Platform.
- Prioritize, mitigate, and remediate findings in the Veracode Platform.
Scan your web application or API
~30 min
Learn how to create and run a Dynamic Analysis, configure a login script to access specific areas of your application, and link the results to an application profile.
- Create an unauthenticated web application scan
~5 min - Configure login settings for a web application scan
~4 min - Create an API specification scan
~9 min - Optional. To scan behind a firewall, install Internal Scanning Management (ISM) endpoints
~7 min - Manually link results to an application profile
~4 min
Review and download findings
~8 min
Learn how to review findings and download reports.
The following videos use results from a Static Analysis, but the review workflow is the same for Dynamic Analysis results. On the Triage Flaws page, the Path column shows the source code path to a Static Analysis finding. For Dynamic Analysis findings, the Path column shows the scanned URL where the finding exists.
- Review findings
~4 min - Download reports
~4 min
Work with findings
~30 min
Learn how to plan for and prioritize findings you need to fix, verify fixes, and mitigate findings you will not fix.
Next steps
- Learn more about DAST Essentials and Dynamic Analysis.
- Learn more about managing findings.
- Explore the Veracode integrations or visit the Community Integrations.