DAST
Overview
The DAST (Dynamic Application Security Testing) Blueprint performs runtime vulnerability scanning against your web applications and APIs, identifying security issues like misconfigurations, injection flaws, and exposed sensitive data. Findings are classified with CVE, CWE, CVSS, and EPSS scores for prioritized remediation.
Configurations
| Configuration | Description |
|---|---|
| Blueprint Account Name | A human-readable name for your account that will be used to identify this account across the application. |
| Application | Select the application to associate scan results with. |
| URL | The target application URL to scan. |
| Token | Authentication token for accessing protected endpoints. This is stored securely and used as a Bearer token during scanning. |
Permissions
The DAST Blueprint requires network access to the target URL. The authentication token should have sufficient permissions to access the application's endpoints for thorough coverage.
- The target URL must be reachable from the Kscope environment
- The token is passed as a Bearer authentication header during scanning
- Read-only access is sufficient -- the scanner does not modify application state
Scan Types
The Blueprint supports two scan modes:
| Type | Description |
|---|---|
| Web | Scans web application endpoints for common vulnerabilities |
| API | Scans API endpoints with targeted checks for API-specific security issues |
Multiple URL configurations can be provided to scan different endpoints with different tokens and scan types in a single crawl.
Severity Levels
Findings are classified by severity:
| Severity | Description |
|---|---|
| Critical | Requires immediate remediation -- active exploitation risk |
| High | Serious vulnerability that should be addressed urgently |
| Medium | Moderate risk that should be planned for remediation |
| Low | Minor issue with limited exploitability |
Schema Model
| Resources | Source Entity | Description |
|---|---|---|
| Scan | dast.scan | A scan execution against a target URL |
| Scan Results | dast.scan.DastScanResults | Aggregated results for a target URL including total finding count |
| Vulnerability Finding | dast.scan.VulnerabilityFinding | An individual vulnerability detected during the scan |
| Info Block | dast.scan.InfoBlock | Vulnerability metadata including name, description, severity, and remediation steps |
| Classification | dast.scan.Classification | CVE IDs, CWE IDs, CVSS score/metrics, EPSS score/percentile, and CPE identifier |
Finding Details
Each vulnerability finding includes:
- External ID -- Unique identifier for the finding
- Target -- The URL/endpoint where the vulnerability was detected
- Severity -- Critical, High, Medium, or Low
- Description -- Detailed explanation of the vulnerability
- Remediation -- Recommended steps to fix the issue
- Classification -- CVE IDs, CWE IDs, CVSS score and metrics, EPSS exploitation probability, and CPE
- CURL Command -- Reproduction command for verification
- Tags -- Associated categories for filtering and grouping
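The classification data described above (severity plus CVSS, EPSS and CWE/CVE identifiers) is what makes prioritised remediation possible. The following is an added example, not code from the Kscope DAST Blueprint or its documentation: it loads finding records shaped after the Finding Details fields, rejects records whose severity is not one of the four documented levels, and ranks the findings by severity first, then EPSS (likelihood of exploitation), then CVSS (impact). The record field names, the sample findings, the EPSS threshold and the placeholder CVE string are all assumptions constructed for this example.

```python
"""Triage DAST findings by severity, EPSS and CVSS.

Added example, not part of the Kscope DAST Blueprint. The records below are
constructed to mirror the fields listed under Finding Details; field names,
sample values and the triage thresholds are assumptions, not product output.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Severity levels exactly as documented for the Blueprint, ranked for sorting.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


@dataclass
class Classification:
    cve_ids: List[str] = field(default_factory=list)
    cwe_ids: List[str] = field(default_factory=list)
    cvss_score: Optional[float] = None      # 0.0 .. 10.0, impact if exploited
    epss_score: Optional[float] = None      # 0.0 .. 1.0, probability of exploitation
    epss_percentile: Optional[float] = None


@dataclass
class Finding:
    external_id: str
    target: str
    severity: str
    description: str
    remediation: str
    classification: Classification
    tags: List[str] = field(default_factory=list)


def from_record(rec: dict) -> Finding:
    """Build a Finding from a dict-shaped record (e.g. a JSON export, assumed layout)."""
    if rec["severity"] not in SEVERITY_RANK:
        raise ValueError(f"unknown severity {rec['severity']!r} in {rec['external_id']}")
    cls = rec.get("classification", {})
    return Finding(
        external_id=rec["external_id"],
        target=rec["target"],
        severity=rec["severity"],
        description=rec.get("description", ""),
        remediation=rec.get("remediation", ""),
        classification=Classification(
            cve_ids=list(cls.get("cve_ids", [])),
            cwe_ids=list(cls.get("cwe_ids", [])),
            cvss_score=cls.get("cvss_score"),
            epss_score=cls.get("epss_score"),
            epss_percentile=cls.get("epss_percentile"),
        ),
        tags=list(rec.get("tags", [])),
    )


def triage_key(f: Finding):
    """Severity first, then EPSS, then CVSS. Missing scores sort lowest so an
    unrated finding never leaps ahead of a rated one of the same severity."""
    return (
        SEVERITY_RANK[f.severity],
        f.classification.epss_score or 0.0,
        f.classification.cvss_score or 0.0,
    )


def prioritise(findings: List[Finding]) -> List[Finding]:
    """Return findings in remediation order, most urgent first."""
    return sorted(findings, key=triage_key, reverse=True)


def needs_immediate_attention(f: Finding, epss_threshold: float = 0.1) -> bool:
    """Critical findings always; High findings when EPSS says exploitation is likely.
    The 0.1 threshold is an assumed policy value, not a Blueprint setting."""
    if f.severity == "Critical":
        return True
    epss = f.classification.epss_score or 0.0
    return f.severity == "High" and epss >= epss_threshold


# Constructed sample records (hosts, scores and ids are made up for illustration).
SAMPLE_RECORDS = [
    {"external_id": "F-1", "target": "https://app.example.test/login", "severity": "High",
     "description": "Reflected input in error page", "remediation": "Encode output",
     "classification": {"cwe_ids": ["CWE-79"], "cvss_score": 7.5, "epss_score": 0.02}},
    {"external_id": "F-2", "target": "https://api.example.test/v1/users", "severity": "Critical",
     "description": "Unauthenticated data exposure", "remediation": "Enforce authorization",
     "classification": {"cve_ids": ["CVE-PLACEHOLDER"], "cwe_ids": ["CWE-200"],
                        "cvss_score": 9.8, "epss_score": 0.6}},
    {"external_id": "F-3", "target": "https://app.example.test/", "severity": "Medium",
     "description": "Missing security header", "remediation": "Set header",
     "classification": {"cwe_ids": ["CWE-16"], "cvss_score": 5.3}},
    {"external_id": "F-4", "target": "https://api.example.test/v1/search", "severity": "High",
     "description": "Query built from unsanitised parameter", "remediation": "Parameterise query",
     "classification": {"cwe_ids": ["CWE-89"], "cvss_score": 8.1, "epss_score": 0.45}},
    {"external_id": "F-5", "target": "https://app.example.test/about", "severity": "Low",
     "description": "Version banner disclosed", "remediation": "Suppress banner",
     "classification": {"cwe_ids": ["CWE-200"], "cvss_score": 3.1}},
]


def prioritised_ids(records: List[dict]) -> List[str]:
    """Convenience wrapper: load records and return external IDs in triage order."""
    return [f.external_id for f in prioritise([from_record(r) for r in records])]


if __name__ == "__main__":
    for f in prioritise([from_record(r) for r in SAMPLE_RECORDS]):
        flag = "NOW" if needs_immediate_attention(f) else "   "
        print(flag, f.external_id, f.severity, f.classification.cvss_score,
              f.classification.epss_score, f.target)
```

Note that F-4 (High, EPSS 0.45) is ordered ahead of F-1 (High, EPSS 0.02) even though both carry the same severity label, which is the practical value of having EPSS alongside CVSS in the Classification block: two findings the scanner rates equally can still differ sharply in how likely they are to be exploited.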