Requesting a DynamicMP Scan

DynamicDS and DynamicMP

DynamicMP performs massively parallel scans, rapidly and simultaneously analyzing multiple web applications to establish a security baseline of your perimeter. If your application is not publicly accessible, you must open the firewall to for Veracode to be able to perform the DynamicMP scan.

To request a DynamicMP scan:
  1. Click Scans > DynamicMPat the top of the Veracode Platform.
  2. Click New DynamicMP Scan.
  3. In the New DynamicMP Scan page, enter a name for the new scan.
  4. Select to either upload the .txt file that contains the list of URLs you want the new DynamicMP scan to analyze, or select Manual Entry and manually enter or paste the URLs into the Site List field. You can only enter one input per line in your uploaded text file or in your manually entered text.
    Note: You must enter HTTP and HTTPS sites separately for the same URL as Veracode does not automatically scan both protocols for each input website you provide. However, if a website redirects some pages to the HTTPS protocol, the scan continues to crawl and audit those links.
  5. To determine who can see your DynamicMP scan, in the Visibility section, select Security Leads Only or select Security Leads & Teams and choose a team from the list of available teams.
  6. Enter the date and time when you want the scan to start, choosing a date that is 24 hours in advance of when you want the scan to start. Veracode recommends that you enter a total scan time of four days, which includes the 24-hour advance period. The time zone of the time you select is that of your local system when you schedule the scan.

    The end date and time fields enable you to define the duration of the actual scanning. Veracode validates the DynamicMP results within 2-4 business days.

  7. Optionally, select the business unit that manages this application.
  8. Optionally, enter the name and email address of the business owner who is responsible for this application.
  9. Optionally, enter any metadata tags you want to add to the profile, separating the tags with commas.
  10. Select the checkbox that certifies that you have the authority to scan these sites.
  11. Click Submit.
Example inputs: could be:

After you submit your DynamicMP scan, it appears in the list of scans on the DynamicMP Scans page, where you can see its status. Click the name of your scan to open the scan overview page. From this page you can see the scan submission details, download the list of scanned sites, or delete the DynamicMP scan. If the scan is finished, you can click the Triage Flaws button or the link in the left navigation menu to review the discovered flaws.

After completing a DynamicMP scan, you can link the scan results of one or more sites to a new or existing application profile. All the business organizational information you entered when requesting the DynamicMP scan is also copied to the new application profile. Adding the DynamicMP scan results to the profile enables you to perform multiple scans with flaw matching or to customize the scan configuration of the application.