Reviewing the Assets in the Web Perimeter

Results and Reports

After completing a Discovery scan, the results are listed in the web perimeter inventory.

Discovery scans analyze your web application perimeter and perform focused searches for web applications within a defined IP address range or list of known hosts, then provide you with a detailed listing of the applications found. This list of applications can help you determine which applications to include in your Dynamic Analysis and DynamicMP scans. During the configuration of a Discovery scan, you can select which specific teams and security leads can see the results of a Discovery scan so that you decide who has visibility of the scan data.

To review the assets within your web perimeter, click My Portfolio > Web Perimeter.

The web perimeter page provide an asset summary and a list all the URLs that Discovery or DynamicMP has crawled.

Asset Summary

On the Web Perimeter Assets page, the asset summary provides an at-a-glance overview of all the assets found during Discovery scans, any sites that are now decommissioned, and any new sites that Veracode has found. Users with the Security Lead role can limit access to Discovery scan results to just security leads or to specific teams. You can only see the assets of Discovery scans to which you have been given visibility.

All Assets List

The table of web perimeter assets list the:
  • IP address
  • Response - time in seconds.
  • Confidence - each host is given a confidence score to help you focus time and attention on higher confidence hosts, which are most likely to be part of your network. More information on confidence is available in the Discovery results you can download from the Veracode Platform.
  • Redirect Location - the URL of where the redirection goes if the asset redirects to another location.
  • Server Header - identifies the web server.
  • Login - indicates whether a login was necessary to access the site.
  • Login Type - HTTP or forms.
  • Certificate Owner - the name of the organization that owns the SSL certificate.
  • Common Name - the domain name of the site.
  • DynamicMP Candidate - informs you if this asset is a good candidate for a DynamicMP scan or whether a DynamicMP scan would only return limited results. The classification of good candidates focuses on websites that respond with HTML content, do not redirect to other servers, and are not duplicates of other assets on your web perimeter.
  • Last Found - date when the URL was last found during a Discovery scan.

Click Columns to select the columns you want to show or hide.

Click Filters to open the filter pane and select filters on which to sort your assets. Using filters may reduce the number of assets you see in All Assets, but it does not change the numbers you see in the Asset Summary.

If you want to run a DynamicMP scan on one or more URLs, select the specific rows and click Create DynamicMP Scan. The DynamicMP Scans page opens, with the details of the sites prepopulated in the appropriate fields.

More information about any web perimeter assets you have scanned with Discovery is available in the Discovery results you can download from the Veracode Platform.

Using Tags

You can assign metadata as free-text tags to the assets in your list of web perimeter assets. These tags can help you sort and track your web assets across Discovery scans.

To add tags:
  1. Select the asset in the All Assets list, and click Add/Edit Tags.
  2. Enter the name of your tag and press Enter.
  3. Enter as many tags as you want, and when you are finished, click Save.
    Note: If this asset already has one or more tags, new tags override existing tags.

Enter the tag text and press Enter.