Getting Started with Veracode Dynamic Analysis

Dynamic Analysis

Publication
Dynamic Analysis
Edition date
2023-01-27
Last publication
2023-01-27T02:45:54.600583

Veracode Dynamic Analysis is a Dynamic Application Security Testing (DAST) solution that delivers an automated and scalable dynamic scanning capability that enables broad coverage at speed. You can analyze both web applications and REST APIs.

Veracode Dynamic Analysis interacts with the target web application or API like an attacker. It crawls your web application URLs or API endpoints to understand the architecture. For example, for web applications this includes links, text, form fills, and other page elements with which users can interact. It also checks attack points that are less visible to the user, such as header values, cookies, and URL parameters. The scan engine then audits the objects and attributes that the crawler discovered, and sends attacks, such as Cross-Site Scripting and SQL Injection, to these objects and attributes to identify exploitable vulnerabilities.

Because modern web applications are complex and full of features and functionality, a dynamic analysis crawler not only needs to interact with the application in the desired way, but also exercise each part of the application with payloads that test for vulnerabilities. More complex web applications require more requests and permutations of tests, which can increase the testing time.

Veracode strongly recommends that you scan all internet-facing and internal web applications or APIs to detect common vulnerabilities. For example, if an attacker compromises internet-facing web applications or APIs, they could gain access to internal web applications or APIs, exploit any vulnerabilities, and cause further damage to your organization.

You can use Dynamic Analysis to:

You access Dynamic Analysis from the Veracode Platform. Veracode also provides Dynamic Analysis REST APIs to automate dynamic scanning tasks. For additional testing coverage of your web applications and APIs, consider contacting Veracode to schedule Manual Penetration Testing of your sites.

Veracode Dynamic Analysis integrates with Veracode Discovery, which analyzes web application perimeters and searches for web applications within a defined IP address range or list of known hosts. Veracode also provides Veracode Internal Scanning Management (ISM) to access web applications and APIs behind a firewall.