After completing a Discovery scan, the results are listed in the web perimeter inventory.
Discovery scans analyze your web application perimeter and perform focused searches for web applications within a defined IP address range or list of known hosts, then provide you with a detailed listing of the applications found. This list of applications can help you determine which applications to include in your Dynamic Analysis and DynamicMP scans. During the configuration of a Discovery scan, you can select which specific teams and security leads can see the results of a Discovery scan so that you decide who has visibility of the scan data.
The web perimeter page provide an asset summary and a list all the URLs that Discovery or DynamicMP has crawled.
On the Web Perimeter Assets page, the asset summary provides an at-a-glance overview of all
the assets found during Discovery scans, any sites that are now decommissioned, and any new
sites that Veracode has found. Users with the Security Lead role can limit access to
Discovery scan results to just security leads or to specific teams. You can only see the
assets of Discovery scans to which you have been given visibility.
All Assets List
- IP address
- Response - time in seconds.
- Confidence - each host is given a confidence score to help you focus time and attention on higher confidence hosts, which are most likely to be part of your network. More information on confidence is available in the Discovery results you can download from the Veracode Platform.
- Redirect Location - the URL of where the redirection goes if the asset redirects to another location.
- Server Header - identifies the web server.
- Login - indicates whether a login was necessary to access the site.
- Login Type - HTTP or forms.
- Certificate Owner - the name of the organization that owns the SSL certificate.
- Common Name - the domain name of the site.
- DynamicMP Candidate - informs you if this asset is a good candidate for a DynamicMP scan or whether a DynamicMP scan would only return limited results. The classification of good candidates focuses on websites that respond with HTML content, do not redirect to other servers, and are not duplicates of other assets on your web perimeter.
- Last Found - date when the URL was last found during a Discovery scan.
Click Columns to select the columns you want to show or hide.
If you want to run a DynamicMP scan on one or more URLs, select the specific rows and click Create DynamicMP Scan. The DynamicMP Scans page opens, with the details of the sites prepopulated in the appropriate fields.
More information about any web perimeter assets you have scanned with Discovery is available in the Discovery results you can download from the Veracode Platform.
You can assign metadata as free-text tags to the assets in your list of web perimeter assets. These tags can help you sort and track your web assets across Discovery scans.
- Select the asset in the All Assets list, and click Add/Edit Tags.
- Enter the name of your tag and press Enter.
- Enter as many tags as you want, and when you are finished, click
Save. Note: If this asset already has one or more tags, new tags override existing tags.