
Send discovered applications to DAST Essentials

Use the integration between External Attack Surface Management (EASM) and DAST Essentials to export web applications discovered in your external attack surface directly into DAST Essentials.

Discover external attack surface with EASM

Before scanning web applications or APIs with DAST Essentials, run an EASM scan to identify vulnerable assets in your external attack surface. To scan your attack surface, follow the steps in Discover external assets.

Triage discovered assets for DAST scans

After completing a discovery scan, identify web applications that are appropriate for a DAST Essentials scan.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > EASM.
  3. Select the dashboard icon.
  4. At the top of the page, use the dropdown and select Things.
  5. To refine the results, from the top-right corner, select the filter icon. Filter for asset types such as "Web Applications" that are suitable for DAST scanning.
  6. Review the discovered applications. Pay attention to attributes such as:
    • Whether the application is publicly accessible
    • The detected technology stack
    • Any existing security indicators
    • Business criticality based on the domain or functionality

Enroll applications in the DAST Candidates security program

Once you've identified suitable applications for DAST scanning, enroll them in the DAST Candidates security program.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > EASM.
  3. Select the dashboard icon.
  4. At the top of the page, use the dropdown and select Things.
  5. To select the web applications that you want to scan with DAST Essentials, select the checkboxes in the corresponding rows.
  6. Select EDIT SELECTED at the top-right corner of the page.
  7. In the Bulk edit panel that appears, select Security program Onboarding > ONBOARD ITEM.
  8. From the Select security program dropdown, select DAST Candidates. Configure any additional enrollment parameters if prompted.
  9. Select ONBOARD ITEM.

Update the current test to send data to DAST Essentials

After enrolling the applications, update the current test to send data to DAST Essentials.

To complete this task:

  1. Remain in the EASM interface after enrolling applications.
  2. Select the scan icon.
  3. From the dropdown, select Update the current test.
  4. Select Launch Scan. A notification appears to confirm that the selected applications were sent to DAST Essentials. You can also see the status in the Sync status column.

Manage discovered targets in DAST Essentials

Once the applications are transferred to DAST Essentials, you can manage them and initiate DAST Essentials scans.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > DAST Essentials.
  3. On the Target list page, select the Discovered Targets tab.
  4. The applications that were sent from EASM are listed here. Refer to integration with EASM for further instructions on how to manage discovered targets within DAST Essentials.