Dynamic Application Security Testing - DAST

Dynamic Application Security Testing (DAST) is a security testing practice that identifies vulnerabilities in running applications by simulating real-world attacks. It is an essential part of the security testing process to discover issues that may arise during runtime, such as input validation flaws, authentication errors, and configuration vulnerabilities.

With Harness Security Testing Orchestration (STO), you can seamlessly perform DAST using a wide range of integrated scanners. STO enhances the scanning process by normalizing results, deduplicating findings, and formatting them into actionable insights.

Set up DAST Scanning with Harness STO

You can use any of the integrated scanners that perform DAST scanning, or you can leverage the Harness STO Built-in Scanner workflow. The Built-in Scanner step enables you to set up scans without requiring paid licenses or complex configurations. Currently, the Built-in Scanner uses Zed Attack Proxy (ZAP). Alternatively, you can select any of the supported scanners below for detailed configuration steps.

Supported Scanners for DAST

Below is the list of scanners supported for DAST in Harness STO:

If the scanner you use for DAST scanning is not listed, you can explore additional scanners that are compatible with the Custom Scan step. If the Custom Scan step does not support the scanner you need, you can use the Custom Ingestion step to ingest and process your scan results.
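The normalize-and-deduplicate step described above, and the kind of result processing a Custom Ingestion step has to perform, can be sketched in a few dozen lines. The following is an added example, not Harness STO's or ZAP's own code: it reads a report laid out like ZAP's JSON report (`site` → `alerts` → `instances`), flattens it into one record per rule and location, collapses repeated instances, and applies a severity gate. The sample report, the `RISK_TO_SEVERITY` mapping and the record layout are constructed for this demonstration and are not Harness's ingestion format.

```python
"""Normalize and deduplicate DAST findings from a ZAP-style JSON report.

Added example (not Harness STO's or ZAP's own code). The report below is a
constructed sample that follows the layout ZAP's JSON report generator uses;
the flat record format and the severity mapping are this example's own.
"""
import json
from collections import OrderedDict

# Constructed sample: one site, two alerts, with a duplicated instance on /login.
SAMPLE_ZAP_REPORT = json.dumps({
    "@version": "2.14.0",
    "site": [{
        "@name": "https://app.example.test",
        "alerts": [
            {
                "pluginid": "10038",
                "alert": "Content Security Policy (CSP) Header Not Set",
                "riskcode": "2",
                "confidence": "3",
                "cweid": "693",
                "instances": [
                    {"uri": "https://app.example.test/", "method": "GET", "param": ""},
                    {"uri": "https://app.example.test/login", "method": "GET", "param": ""},
                    {"uri": "https://app.example.test/login", "method": "GET", "param": ""},
                ],
            },
            {
                "pluginid": "40012",
                "alert": "Cross Site Scripting (Reflected)",
                "riskcode": "3",
                "confidence": "2",
                "cweid": "79",
                "instances": [
                    {"uri": "https://app.example.test/search?q=x", "method": "GET", "param": "q"},
                ],
            },
        ],
    }],
})

# ZAP risk codes 0-3; the severity labels are this example's own choice.
RISK_TO_SEVERITY = {"0": "info", "1": "low", "2": "medium", "3": "high"}
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}


def normalize(report_json: str) -> list:
    """Flatten a ZAP-style report into one record per (rule, method, uri, param).

    Repeated instances of the same rule at the same location are merged into a
    single record whose 'occurrences' counter is incremented.
    """
    report = json.loads(report_json)
    seen = OrderedDict()  # keeps first-seen order, which makes output stable
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            for inst in alert.get("instances", []):
                key = (alert.get("pluginid"), inst.get("method"),
                       inst.get("uri"), inst.get("param") or "")
                if key in seen:
                    seen[key]["occurrences"] += 1
                    continue
                cwe = alert.get("cweid", "")
                seen[key] = {
                    "rule_id": alert.get("pluginid"),
                    "title": alert.get("alert"),
                    "severity": RISK_TO_SEVERITY.get(str(alert.get("riskcode")), "unknown"),
                    "cwe": int(cwe) if cwe.isdigit() else None,  # ZAP uses "-1" for no CWE
                    "target": site.get("@name"),
                    "method": inst.get("method"),
                    "uri": inst.get("uri"),
                    "param": inst.get("param") or None,
                    "occurrences": 1,
                }
    return list(seen.values())


def summarize(findings: list) -> dict:
    """Count deduplicated findings per severity label."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


def exceeds_threshold(findings: list, fail_on: str = "high") -> list:
    """Return the findings at or above the given severity (a simple pipeline gate)."""
    floor = SEVERITY_RANK[fail_on]
    return [f for f in findings if SEVERITY_RANK.get(f["severity"], -1) >= floor]


if __name__ == "__main__":
    findings = normalize(SAMPLE_ZAP_REPORT)
    print(json.dumps(findings, indent=2))
    print("by severity:", summarize(findings))
    print("gate (high):", [f["title"] for f in exceeds_threshold(findings, "high")])
```

Running the script turns the three CSP instances into two records (the `/login` one with `occurrences` 2) plus one reflected-XSS record; the gate helper then returns only the high-severity record, which is the point at which a pipeline would decide whether to fail the stage.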

Next steps

After running a security scan, you can take the following actions: