System requirements for DAST

Review the DAST-specific system and infrastructure requirements for Dynamic Application Security Testing (DAST) scanning with AppScan on Cloud.

General system requirements

For general system requirements including service connectivity, supported browsers, screen resolution, and network information, see System requirements and version support.

DAST requirements and limitations overview

The following are the key requirements and limitations for DAST scanning:

  • Internet accessibility: Tested applications must be open to the internet. If your application is not open to the internet, you must set up Private Site Scanning using AppScan Presence before launching the scan.
  • Domain verification or management: Before you start a scan, you must either verify the domain or add it to the allowed domains list. The Domains page you can access depends on your subscription.
  • ADNS testing configuration: For advanced testing using ADNS, ensure your firewall configuration allows connections to ADNS.appscan.com over port 53 (DNS protocol).
  • DAST IFA: If you use any of the DAST IFA capabilities, an Azure OpenAI account is required.

Best practices

The following best practices apply to DAST scans:

  • Environment: Where possible, run DAST scans against staging rather than production sites. Running a DAST scan on a live production site may affect site stability.
  • Running state: The application must be in a running state and accessible from the scanning environment.

DAST-specific network requirements

For comprehensive network requirements, data center information, and IP addresses, refer to DAST technology requirements in the system requirements topic.

Additionally:

AppScan DNS (ADNS) server requirements for advanced testing

When you use the AppScan DNS (ADNS) feature, proper firewall and network configuration is required. ADNS testing lets AppScan on Cloud identify DNS-related security vulnerabilities and out-of-band security issues by monitoring for DNS lookup queries that the target application triggers during a scan.

  • Server domain: ADNS.appscan.com
  • Protocol and port: DNS protocol over port 53
  • Connectivity requirement: The target web application must have outbound access to the ADNS server to enable ADNS testing. Ensure your firewall configuration allows DNS queries from the target application to the ADNS server.
  • Purpose: ADNS testing enables AppScan on Cloud to identify DNS-related security vulnerabilities and potential security issues such as those related to Log4j through DNS lookup queries.
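The firewall requirement above (and the ADNS bullet in the overview) is easy to get wrong silently: if outbound UDP/53 from the application host is dropped, the scan still completes but the out-of-band DNS checks never fire. The following pre-scan check is an added example, not HCL's or AppScan's own tooling. It assumes it is run on the host where the target application lives, uses only the server name and port stated on this page (ADNS.appscan.com, port 53), and sends one standard DNS query straight to that server; any well-formed reply carrying our transaction id proves the egress path is open, while a timeout usually means a firewall is blocking it. The probe hostname it looks up is constructed and deliberately unresolvable. Note that this verifies firewall egress only; it does not confirm that the application itself performs DNS lookups.

```python
"""Pre-scan check: can this host reach the ADNS server over UDP/53?

Added example for the ADNS firewall requirement; not AppScan's own code.
Assumes it runs on the target application's host.
"""
import os
import socket
import struct
import time

ADNS_SERVER = "ADNS.appscan.com"  # server name from the page
ADNS_PORT = 53                    # DNS protocol port from the page


def build_dns_query(qname: str, txn_id: int = 0x1234) -> bytes:
    """Build a minimal standard DNS query (QTYPE=A, QCLASS=IN) for qname."""
    # Header: id, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    question = b""
    for label in qname.rstrip(".").split("."):
        label_bytes = label.encode("ascii")
        if not 0 < len(label_bytes) < 64:  # DNS label length limit
            raise ValueError(f"bad label: {label!r}")
        question += struct.pack("!B", len(label_bytes)) + label_bytes
    question += b"\x00" + struct.pack("!HH", 1, 1)  # root label, A, IN
    return header + question


def parse_dns_header(packet: bytes) -> dict:
    """Decode the 12-byte DNS header into id, QR bit, RCODE and section counts."""
    if len(packet) < 12:
        raise ValueError("packet shorter than a DNS header")
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txn_id,
        "is_response": bool(flags & 0x8000),  # QR bit
        "rcode": flags & 0x000F,
        "questions": qd,
        "answers": an,
        "authority": ns,
        "additional": ar,
    }


def probe_name(prefix: str = "adns-check") -> str:
    """Constructed, unique probe hostname so the lookup cannot be cached.

    The .invalid TLD is reserved and never resolves; we only care whether
    the server answers at all, not what it answers.
    """
    return f"{prefix}-{int(time.time())}-{os.getpid()}.example.invalid"


def check_adns_reachable(server: str = ADNS_SERVER, port: int = ADNS_PORT,
                         timeout: float = 3.0) -> tuple:
    """Send one query straight to the ADNS server; return (reachable, detail)."""
    txn_id = int.from_bytes(os.urandom(2), "big")
    query = build_dns_query(probe_name(), txn_id)
    try:
        address = socket.gethostbyname(server)  # host's normal resolver
    except socket.gaierror as exc:
        return False, f"cannot resolve {server}: {exc}"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (address, port))
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return False, (f"no reply from {server}:{port} within {timeout}s; "
                           "outbound UDP/53 is probably blocked by a firewall")
        except OSError as exc:
            return False, f"socket error talking to {server}:{port}: {exc}"
    hdr = parse_dns_header(data)
    if not hdr["is_response"] or hdr["id"] != txn_id:
        return False, "reply did not match our query (wrong id or not a response)"
    # Any RCODE counts: NXDOMAIN or REFUSED still proves the path is open.
    return True, f"{server}:{port} answered (rcode={hdr['rcode']})"


if __name__ == "__main__":
    ok, detail = check_adns_reachable()
    print(("OK: " if ok else "BLOCKED: ") + detail)
```

Run it from the application host before launching an advanced-testing scan; a "BLOCKED" result means the egress rule for DNS to the ADNS server still needs to be added. Because it sends a single raw UDP query, it also works on hosts whose local resolver is configured to forward only to an internal DNS server, which a plain `nslookup` would not reveal.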

DAST-specific limitations and considerations

  • Private site scanning concurrency: A single Private Site Scanning (PSS) Presence client supports up to 15 concurrent DAST scans.
  • Licensed concurrency: The number of scans you can run at the same time is based on the number of concurrent licenses. For example, if you have two concurrent licenses, you can run two scans at the same time, and any additional scans are queued.