# DAST Scanning DAST (Dynamic Application Security Testing) performs black-box security testing against live web applications and APIs. Unlike SAST which analyzes source code, DAST tests running applications by sending crafted requests and analyzing responses for vulnerabilities. ## DAST Overview Navigate to **DAST** in the sidebar to see the overview page. ![DAST overview with scan runs and finding counts](/screenshots/dast-overview.png) The overview shows: - Total DAST scans performed - Total DAST findings discovered - Number of active targets - Recent scan run history with status, phase, and finding counts ## Managing Targets Navigate to **DAST > Targets** to configure applications to test. ### Adding a Target 1. Enter a **target name** (descriptive label) 2. Enter the **base URL** (e.g. `https://staging.example.com`) 3. Click **Add Target** ### Target Settings Each target supports these settings: | Setting | Description | |---------|-------------| | **Target Type** | WebApp, REST API, or GraphQL | | **Max Crawl Depth** | How many link levels to follow | | **Rate Limit** | Maximum requests per second | | **Destructive Tests** | Allow DELETE/PUT requests | | **Excluded Paths** | URL paths to skip during testing | ### Authentication DAST supports authenticated scanning so it can test pages behind login: | Method | Description | |--------|------------| | **None** | No authentication | | **Basic** | HTTP Basic Auth with username and password | | **Bearer** | Bearer token in the Authorization header | | **Cookie** | Session cookie value | | **Form** | Login form with URL, field names, and credentials | ::: warning Authenticated scans access more of the application surface. Only test applications you own or have explicit authorization to test. ::: ## Running a DAST Scan Click the **Scan** button on any target row. The scan progresses through: 1. **Crawl** -- discovers pages, forms, and API endpoints by following links and analyzing JavaScript 2. **Test** -- sends attack payloads to discovered parameters 3. **Report** -- collects results and generates findings ## Viewing DAST Findings Navigate to **DAST > Findings** to see all discovered vulnerabilities. Each finding shows: | Column | Description | |--------|-------------| | Severity | Critical, High, Medium, Low, or Info | | Type | Vulnerability category (SQL Injection, XSS, SSRF, etc.) | | Title | Description of the vulnerability | | Endpoint | The HTTP path that is vulnerable | | Method | HTTP method (GET, POST, PUT, DELETE) | | Exploitable | Whether the vulnerability was confirmed exploitable | Click a finding to see full details including the CWE identifier, vulnerable parameter, remediation guidance, and evidence showing the exact request/response pairs that triggered the finding. ### Filtering Findings The findings page provides several filters to help you focus on what matters: | Filter | Description | |--------|-------------| | **Search** | Free-text search across finding titles and descriptions | | **Severity** | Filter by severity level (Critical, High, Medium, Low, Info) | | **Vulnerability Type** | Filter by vulnerability category -- supports all 21 DAST vulnerability types including SQL Injection, XSS, SSRF, CORS Misconfiguration, CSP Bypass, and more | | **Exploitable** | Show only confirmed-exploitable findings, or only unconfirmed | Filters can be combined. A count indicator shows how many findings match the current filters out of the total (e.g. "Showing 12 of 76 findings"). When no findings match the active filters, a message distinguishes between "no findings exist" and "no findings match your current filters." ::: tip Findings marked as **Confirmed** exploitable were verified with a successful attack payload. **Unconfirmed** findings show suspicious behavior that may indicate a vulnerability but could not be fully exploited. :::