Dynamic scanning (DAST)
ASoC can perform dynamic analysis of an application that runs in a browser or a web API. Use the configuration options available for a web application or web API in ASoC, or upload an AppScan Standard configuration (template file) or a full scan file.
Option | Description |
---|---|
Select scan method | |
Scan a web application | Configure and run your scan in ASoC using
the wizard options.
|
API scan | Configure and run your scan in ASoC using the wizard options. |
Scan from file | |
From template | If you have an AppScan Standard template
(SCANT) file, you can use it as the configuration for your ASoC scan. This lets you benefit from all the
configuration options available in AppScan Standard. An AppScan Standard template also includes the
login recording and multistep configuration. The template does not include a Manual Explore, but you can upload a traffic recording (DAST.CONFIG file) to ensure that specific parts of the application are covered. |
From scan file | If you have an AppScan Standard scan
(SCAN) file, you can use it as the configuration for your ASoC scan. Manual Explore, Multistep operations, and Web API files such as a Postman Collection saved in the SCAN file are included in the scan. You can run a full scan or use the existing Explore date from the file and run only the Test stage of the scan. |
Related topics
- Recording traffic
- Using AppScan Standard scans or templates
- Scanning sites that use client certificates
- Creating an AppScan Presence for a web app that is not accessible from the Internet