Send discovered applications to DAST
Use the integration between External Attack Surface Management (EASM) and DAST to export web applications discovered in your external attack surface directly into DAST.
Discover external attack surface with EASM
Before scanning web applications or APIs with DAST, run an EASM scan to identify vulnerable assets in your external attack surface. To scan your attack surface, follow the steps in Discover external assets.
Triage discovered assets for DAST scans
After completing a discovery scan, identify web applications that are appropriate for a DAST scan.
To complete this task:
- Sign in to the Veracode Platform.
- Select Scans and Analysis > EASM.
- Select the dashboard icon.
- At the top of the page, use the dropdown and select Things.
- To refine the results, at the top-right corner, select the filter icon. Filter for asset types such as "Applications" that are suitable for DAST scanning.
- Review the discovered applications. Pay attention to attributes such as:
  - Whether the application is publicly accessible
  - The detected technology stack
  - Any existing security indicators
  - Business criticality based on the domain or functionality
Enroll applications in the DAST Candidates security program
Once you've identified suitable applications for DAST scanning, enroll them in the DAST Candidates security program.
To complete this task:
- Sign in to the Veracode Platform.
- Select Scans and Analysis > EASM.
- Select the dashboard icon.
- At the top of the page, use the dropdown and select Things.
- To select the web applications that you want to scan with DAST, select the checkboxes in the corresponding rows.
- Select EDIT SELECTED at the top-right corner of the page.
- In the Bulk edit panel that appears, select Security program Onboarding > ONBOARD ITEM.
- From the Select security program dropdown, select DAST Candidates. Configure any additional enrollment parameters if prompted.
- Select ONBOARD ITEM.
Update the current test to send data to DAST
After enrolling the applications, update the current test to send data to DAST.
To complete this task:
- Remain in the EASM interface after enrolling applications.
- Select the scan icon or the check icon.
- From the dropdown, select Update the current test.
- Select Launch Scan. A notification appears to confirm that the selected applications were sent to DAST. You can also see the status in the Sync status column.
Access discovered targets in DAST
After sending the applications to DAST, you can manage them as targets and include them in DAST scans.
To complete this task:
- Sign in to the Veracode Platform.
- Select Scans and Analysis > DAST.
- To see the list of targets from EASM, on the Target list page, select the Discovered Targets tab.