In order to initiate an AppScan DAST scan you will have to configure your AppScan credentials first. More about how to configure AppScan credentials here.
Usage Flow Instructions
- Once you have configured your credentials, navigate to 'Dynamic Application Scanners' under 'Connectors' and click on 'AppScan DAST'.
- You will be prompted to enter your configuration details.
- Enter a 'Configuration Name', select your 'AppScan Credential' and the Agents as Strobes Default Agent.
- Select a 'Baseline' to log the vulnerabilities and click on 'Next'.
- Now select an 'Asset' against which you want the vulnerabilities to get populated and select your AppScan Apps. More about creating AppScan applications and scans here.
- Select the frequency of scheduling the config scan and click on 'Next'.
- Select any Tracking & Notification tool configurations if needed and click on Submit.
- The configuration is now created for you.
- Now click on 'New Scan' and you will be prompted to enter the URL of the target on which you want to run the AppScan DAST scan.
- Enter the URL and click on 'Scan'.
Note: Only verified domains can be scanned using AppScan. More on how to verify a domain here. This verification has to be done through AppScan.
- The scan will get initiated and once the scan is done the results will get populated against the Asset which you have chosen.