Dynamic Analysis updates - Commercial
The updates on this page apply to the following Veracode Dynamic Application Security Testing (DAST) features in the Commercial Region:
March 28, 2024
Improved pause and resume scheduling
You can now schedule an analysis to pause and resume on specific days of the week, during specific periods, or both.
December 19, 2023
Web application and API scans now support multi-factor authentication
You can now configure web application scans and API scans to use time-based one-time password (TOTP) seeds for URLs that require multi-factor authentication (MFA). You can also configure TOTP with the REST API.
December 12, 2023
ISM Endpoint 23.12.1
- The endpoint now supports Java 21.
- Adds virtual threading functionality to improve performance and stability. Before you can use this functionality, you must upgrade to Java 21.
November 27, 2023
Free trial of DAST Essentials
Veracode now offers a free 14-day trial of DAST Essentials in the Veracode Platform. To sign up, on the Sign in page, select Sign Up to create your account. If you are a Veracode customer and want to try DAST Essentials, contact your sales associate.
November 15, 2023
Introducing DAST Essentials
DAST Essentials is a new Dynamic Application Security Testing (DAST) product that provides rapid and resilient DAST scanning of web applications and REST APIs, a user-friendly interface, and seamless CI/CD pipeline integration. To get started, see the quickstart.
September 25, 2023
Web application and API scans now support custom cookies
You can now configure web application scans and API scans to use one or more custom cookies for authentication.
May 9, 2023
ISM Endpoint 23.5.0
Added executable scripts that update the JAVA_HOME path for the endpoint.
April 25, 2023
ISM Endpoint 23.4.2
- The endpoint now supports environments where the target host is on the same host as the client.
- Source code files now include a copyright header.
February 27, 2023
Set URL Scan Settings at the Organization Level
You can now use the Dynamic Analysis REST API to set URL scan settings for all analyses and scans in an organization.
February 17, 2023
New Manual Resume Feature for Paused Analyses
Veracode Dynamic Analysis adds a new feature that enables you to manually resume a scheduled analysis from a paused state. This feature is only available upon request. To add this feature to your account, contact Veracode Technical Support.
January 20, 2023
Renamed URL Scan Status Messages
Veracode has renamed and changed the descriptions for the following URL scan status messages for Dynamic Analysis. The new names more accurately describe the issues that caused these status messages to appear in the Veracode Platform.
Killed - Partial Results Availableis nowLockout - Partial Results Available.Killed - Verifying Partial Resultsis nowLockout - Verifying Partial Results.
December 19, 2022
ISM Endpoint 22.12.3
- Fixed an endpoint issue that caused threads to lock up until the ISM tunnel closes.
- Improved endpoint logging that Veracode Technical Support can use for troubleshooting.
October 18, 2022
API Scanning Adds Support for Scriptable Request Modification
Veracode API Scanning adds a new option for using JavaScript to modify an HTTP request, at runtime, when authenticating with a remote host.
October 5, 2022
New Similarity Threshold for Web Applications
When configuring an analysis of a web application, you can now set a threshold for ignoring similar web pages during the analysis.
September 7, 2022
Dynamic Analysis Now Creates Screenshots for Consecutive Login Failures
The Veracode scan engine now creates a verification screenshot if it is unable to log in to a target application after 50 attempts. The screenshot image shows when and where in the scanning process the failed login attempts occurred. You can use this information for troubleshooting.
August 2, 2022
New Historical Details for Dynamic Analyses and Scans
You can now view detailed information about all past occurrences of both a dynamic analysis and its scans.
May 18, 2022
Re-Enabled Pause and Resume for Scheduled Analyses
When scheduling a Dynamic Analysis, you can now set it to pause and resume scanning at specific days and times. Veracode disabled this option on October 7, 2021.
April 28, 2022
New Status Messages for Partial Scan Results
Dynamic Analysis now provides status messages that indicate when Veracode is verifying partial results and when partial results are available for review. Partial results can occur when a scan stops prematurely due to:
- Errors during scanning
- Users stopping the scan early
- The scan exceeding its configured duration
March 23, 2022
API Scanning Adds Support for OpenID Connect to OAuth 2.0
March 10, 2022
Dynamic Analysis Adds Support for Concurrent Browsers Running Dynamic Analysis Scans
Veracode Dynamic Analysis now supports concurrent browsers for running multiple Dynamic Analysis scans at the same time. When configuring a web application scan, you can specify up to 12 concurrent browsers.
March 8, 2022
API Scanning Adds OAuth 2.0 Authentication and Analysis History Options
Veracode API Scanning includes these changes:
- New option to configure OAuth 2.0 authentication for the API endpoints in your API specifications. You can select to use either the Client Credentials or Password Credentials grant type.
- New Associated Analysis field on the API Specification Details page for a given API specification. This field provides options for viewing, reconfiguring, and rerunning previous scans.
March 3, 2022
Dynamic Analysis Now Detects Log4j Vulnerability CWE-115
Veracode Dynamic Analysis can now detect Log4j vulnerability CWE-115 when scanning web applications or API specifications.
February 4, 2022
Updated Dynamic Analysis Scan Engine
The Dynamic Analysis scan engine includes these updates:
- Updated Chromium to version 98.0.4758.80
- Log4j security updates
- Improved connectivity when authenticating with Veracode
- Fix for insecure cookies that prevented flaw matching
January 25, 2022
ISM Endpoint 22.1.10
- Endpoint upgraded to Log4j 2.17.1 to address security findings.
- Improved thread management for connection stability.
- Advanced memory usage diagnostics.
December 21, 2021
ISM Endpoint 21.12.13
- Endpoint upgraded to Log4j 2.17 to address known vulnerabilities CVE-2021-44228 and CVE-2021-45046.
- Additional libraries upgraded to address security findings.
August 10, 2020
ISM Endpoint 20.8.5
- Endpoint now supports not resolving the hostname when accessing the ISM gateway via proxy. This support enables you to only allow the gateway hostname for outbound HTTPS calls.
- Endpoint now supports not resolving the hostname when accessing scanned URLs via proxy. This support simplifies proxy configuration if you do not want to access external sites, such as Okta, during the scan.
- Improved interface for configuring a proxy for the endpoint installer.
- Endpoint installer supports configuring hostname resolution properties.
- Java WebSocket library for the endpoint upgraded to version 1.5.1.
- Endpoint supports specifying non-default network interface via endpoint properties, including the option to see a list of available network interfaces.
- Endpoint process name on Linux includes a Veracode identifier.
- Improved endpoint logging.
March 9, 2020
ISM Endpoint 20.3.5
- Endpoint installer supports client-side Java and 32-bit Java.
- Endpoint installer supports proxy gateway-only property.
- Endpoint supports running diagnostics through a DSE tunnel.
- Endpoint supports new advanced diagnostics options.
- Consolidated direct diagnostic options and diagnostics options that run through a DSE tunnel.
- The ISM service from the Windows installer runs under the less privileged LocalService account instead of LocalSystem.
- Proxy configuration in the installer no longer requires web access to
veracode.com. - Resolved issue with property merge in the endpoint installer.
- Improved endpoint memory management and
out of memoryprotection.