About the DAST Essentials scanners

DAST Essentials can perform scans in two variants:

Quick scan

Runs only non-invasive tests for "live" production versions of your code. By default, it uses a single-page crawler, which is optimized for web applications written in languages such as Angular and React, Vue, or Jquery. For applications with multiple pages, such as those written in PHP or JSP, you can change to a multi-page scanner on the Configure target page.

Full scan

Runs all DAST Essentials scanners. Only recommended for test or developer systems, as security scanners can decrease performance or impact live data for productive systems. Several factors can increase the scan time, such as the scanners you run, network performance, the number of web pages or API endpoints, the amount of content on each page, and the target configuration. These scans can impact the performance of your live web application or API. To ensure that these resources run optimally, consider running a full scan in a staged environment.

You can change the selected scanners on the Configure target page. If the URL is protected by HTTP Basic Authentication using a .htaccess file, on the Configure target page, you must add your username and password to the System Authentication section on the Authentication tab.