Dynamic scanning (DAST)

ASoC can perform dynamic analysis of an application that runs in a browser or a web API. Use the configuration options available for a web application or web API in ASoC, or upload an AppScan Standard configuration (template file) or a full scan file.

The DAST scan wizard offers the following methods:
Option Description
Select scan method
Scan a web application Configure and run your scan in ASoC using the wizard options.
  • Upload a recording of the login procedure, if needed.
  • Upload a traffic file (DAST.CONFIG) to ensure that specific parts of the application are covered.

Creating a web application scan (full configuration)

API scan Configure and run your scan in ASoC using the wizard options.
Scan from file
From template If you have an AppScan Standard template (SCANT) file, you can use it as the configuration for your ASoC scan. This lets you benefit from all the configuration options available in AppScan Standard. An AppScan Standard template also includes the login recording and multistep configuration.

The template does not include a Manual Explore, but you can upload a traffic recording (DAST.CONFIG file) to ensure that specific parts of the application are covered.

Creating a new scan from a template file

From scan file If you have an AppScan Standard scan (SCAN) file, you can use it as the configuration for your ASoC scan.

Manual Explore, Multistep operations, and Web API files such as a Postman Collection saved in the SCAN file are included in the scan.

You can run a full scan or use the existing Explore date from the file and run only the Test stage of the scan.

Creating a new scan from a scan file

Related topics