Providing Advanced Options for a DynamicDS Scan

DynamicDS and DynamicMP

To enable you to customize a DynamicDS scan more specifically to your browser environment and your time or workload restrictions, Veracode provides the following advanced options. These options affect the behavior of the scan and can improve the accuracy of its findings.

User Agent

This option instructs the DynamicDS scan engine to send the specified string as the user agent on each scan request. Entering the details of your browser ensures that the DynamicDS scan crawls for vulnerabilities known to affect that particular browser and returns information specific to that environment. The custom field accepts as much information about your browser as you want to supply, including version and platform. For example, for Firefox, you can specify a string such as Mozilla/5.0 (Windows NT 5.2; rv:8.0) Gecko/20100101 Firefox/8.0.

Multithreading

Multithreading increases the number of parallel operations that the DynamicDS scan engine can perform. The production-safe approach performs these operations serially, which allows for the best coverage possible while letting the network and server govern request traffic. A scan engine with multithreading enabled sends a higher number of requests per minute and achieves the same coverage in less time, resulting in a faster end-to-end scan. Multithreading is enabled by default.

Crawl Depth

The depth level to which a DynamicDS scan crawls is measured by how many links away from the origin URL the scan crawls. For example, if you limit the crawl depth to 10 links, the DynamicDS scan will only crawl 10 links away from the target URL before it stops. This restriction reduces duplication and shortens the scan time.

Subdirectory Limit

The maximum number of subdirectories you want the DynamicDS scan to crawl in each parent directory. This setting only applies to directories beyond the root level (where the root level = crawl depth of 1).

In the example tree, the subdirectory limit is set to 2. At the first level (crawl depth = 1), all directories are crawled. At the second level down (crawl depth = 2), two subdirectories of each parent directory are randomly sampled and scanned (in our example, /a1 and /a3 are sampled from /a, and /e2 and /e3 are sampled from /e). At the third level down (crawl depth = 3), two subdirectories of /a3 are randomly sampled and scanned (in our example, /a31 and /a32 are sampled).

Exchanges per Link

Exchanges are HTTP request/response pairs that describe the traffic between the dynamic scan engine and the web application. Because some links may have a large number of workflows, input forms, and query or body parameters, this restriction can reduce duplicate testing and shorten scan time. If time to results is critical for this scan, set this value to 5 exchanges per link or fewer. By default, Veracode scans 25 exchanges per link.

This configuration value could reduce scan coverage in scenarios where an application has many exchanges in the first few pages that are scanned. By limiting the value to a low number (fewer than 5), the scan may miss significant parts of the application located after these initial pages.
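As a worked illustration of how Crawl Depth, Subdirectory Limit, and Exchanges per Link interact, the following Python script is an added example, not Veracode code. It plans a crawl over a constructed site tree modelled on the /a and /e walkthrough above (the exchange counts per link are invented). It assumes that the origin URL is depth 0, that its first-level directories are the root level (depth 1), that the subdirectory limit applies below that level, and that exchanges are simply capped at the configured number per link. The sampler is pluggable so the random choice can be swapped for a deterministic one when comparing settings.

```python
"""Model how Crawl Depth, Subdirectory Limit and Exchanges per Link bound a dynamic scan.

Added example (not Veracode code). The site tree below is constructed to mirror
the /a and /e walkthrough in the text; the exchange counts per link are invented.
"""
from collections import deque
from dataclasses import dataclass, field
import random


@dataclass
class Link:
    children: list = field(default_factory=list)  # subdirectories reachable from this link
    exchanges: int = 1                              # candidate request/response pairs on this link


# Depth convention assumed here: the origin URL is depth 0, its first-level
# directories (/a, /b, /e) are the "root level" (depth 1), and the subdirectory
# limit applies to every level below that.
SITE = {
    "/":    Link(children=["/a", "/b", "/e"], exchanges=3),
    "/a":   Link(children=["/a1", "/a2", "/a3", "/a4"], exchanges=40),
    "/a1":  Link(exchanges=8),
    "/a2":  Link(exchanges=8),
    "/a3":  Link(children=["/a31", "/a32", "/a33"], exchanges=12),
    "/a31": Link(exchanges=4),
    "/a32": Link(exchanges=30),
    "/a33": Link(exchanges=4),
    "/a4":  Link(exchanges=8),
    "/b":   Link(exchanges=60),
    "/e":   Link(children=["/e1", "/e2", "/e3"], exchanges=20),
    "/e1":  Link(exchanges=6),
    "/e2":  Link(exchanges=6),
    "/e3":  Link(exchanges=6),
}


def random_sample(items, k):
    """Default sampler: pick k subdirectories uniformly at random."""
    return random.sample(items, k)


def plan_crawl(site, origin="/", crawl_depth=10, subdir_limit=None,
               exchanges_per_link=25, sampler=random_sample):
    """Return {path: number of exchanges sent} for every link the crawl would visit.

    crawl_depth        - maximum number of links away from the origin (root level = 1)
    subdir_limit       - max subdirectories crawled per parent below the root level;
                         None means unlimited
    exchanges_per_link - cap on request/response pairs exercised on one link
    sampler            - how subdirectories are chosen when the limit applies
    """
    plan = {}
    queue = deque([(origin, 0)])
    while queue:
        path, depth = queue.popleft()
        if path in plan:          # already scheduled via another link
            continue
        plan[path] = min(site[path].exchanges, exchanges_per_link)
        if depth >= crawl_depth:
            continue              # children would exceed the crawl depth
        children = list(site[path].children)
        # Root-level directories (depth 1) are always all crawled; deeper
        # levels are sampled down to the subdirectory limit.
        if depth >= 1 and subdir_limit is not None and len(children) > subdir_limit:
            children = sampler(children, subdir_limit)
        for child in children:
            queue.append((child, depth + 1))
    return plan


def total_exchanges(plan):
    """Total HTTP request/response pairs the planned crawl would generate."""
    return sum(plan.values())


if __name__ == "__main__":
    last_n = lambda items, k: items[-k:]  # deterministic sampler for the demo
    default = plan_crawl(SITE)
    limited = plan_crawl(SITE, crawl_depth=3, subdir_limit=2,
                         exchanges_per_link=5, sampler=last_n)
    print("default :", len(default), "links,", total_exchanges(default), "exchanges")
    print("limited :", len(limited), "links,", total_exchanges(limited), "exchanges")
    print("skipped :", sorted(set(default) - set(limited)))
```

With the default settings the plan reaches every link in the sample tree; with a crawl depth of 3, a subdirectory limit of 2, and 5 exchanges per link it reaches fewer links and sends far fewer requests, which is the coverage-for-time trade-off described above. The links that are skipped under the tighter settings are exactly the parts of the application the scan would never see.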

Scan Technology Coverage

Veracode more efficiently scans your web application when you indicate the technologies used across the application. By indicating the technology types for your operating system, web server, and database, Veracode can more accurately configure SQLi and other injection checks.
Note: Ensure you select all the technologies in all the categories that you are certain the application uses. Otherwise, the DynamicDS scan can overlook vulnerabilities in your application.

Detection Coverage

The DynamicDS scan detects and identifies vulnerable parameters in your application.

Based on the analysis of historical scan results, Veracode categorizes all parameters as low-, medium-, or high-priority according to their probability of containing a vulnerability. Common examples of parameters include URL query string parameters and HTTP header request/response parameters. The default for a DynamicDS scan is to audit medium- and high-priority parameters. You have the option to audit ONLY high-priority parameters. If you choose to focus only on high-priority parameters, the scan will be faster but vulnerability coverage may not be as comprehensive. Scan data shows that less than 1% of low-priority parameters contain vulnerabilities; however, auditing all the low-priority parameters can double the scan time. If you want to scan all parameters (including low-priority parameters), state this requirement in the Special Instructions field when configuring the scan.

Custom Hosts

You can specify one or more custom IP-to-host mappings to support scanning sites that require custom hostnames that are not resolvable through public DNS. Enter the hostname and IP address of each custom mapping you want to scan. Wildcards, slashes, and paths are not permitted, and do not use http:// before the hostname.
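The following Python validator is an added example, not part of the Veracode product, that applies the rules stated above to a list of candidate mappings before they are entered. It assumes one "hostname IP-address" pair per line (the page does not specify an input format), rejects wildcards, slashes, paths, and http:// or https:// prefixes, checks that the hostname is made of valid DNS labels and that the address parses as IPv4 or IPv6, and flags duplicate hostnames. The sample entries are constructed.

```python
"""Validate Custom Hosts entries before entering them in the scan configuration.

Added example, not Veracode code. Assumed entry format: one "hostname IP-address"
pair per line; lines starting with '#' are comments. The rejection rules (no
wildcards, no slashes or paths, no http:// prefix) are the ones stated in the text.
"""
import ipaddress
import re

# RFC 1123-style label: letters, digits and hyphens, 1-63 chars, and a hyphen
# may not start or end the label.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample entries (not real hosts).
SAMPLE = """\
# constructed sample entries
staging.example.internal        10.20.30.40
api.example.internal            10.20.30.41
*.example.internal              10.20.30.42
http://portal.example.internal  10.20.30.43
legacy.example.internal/admin   10.20.30.44
shop.example.internal           10.20.30.999
staging.example.internal        10.20.30.45
"""


def validate_hostname(host):
    """Return None if host is an acceptable custom hostname, else the reason it is not."""
    if host.lower().startswith(("http://", "https://")):
        return "do not prefix the hostname with http:// or https://"
    if "*" in host:
        return "wildcards are not permitted"
    if "/" in host:
        return "slashes and paths are not permitted"
    if not host or len(host) > 253:
        return "hostname must be 1-253 characters"
    for label in host.split("."):
        if not _LABEL.match(label):
            return f"{host!r} contains an invalid DNS label {label!r}"
    return None


def validate_ip(addr):
    """Return None if addr is a valid IPv4 or IPv6 address, else the reason it is not."""
    try:
        ipaddress.ip_address(addr)
    except ValueError:
        return f"{addr!r} is not a valid IP address"
    return None


def parse_custom_hosts(text):
    """Parse one 'hostname ip' mapping per line.

    Returns (mappings, errors): mappings is {hostname: ip} for accepted lines,
    errors is a list of 'line N: reason' strings for rejected lines.
    """
    mappings, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            errors.append(f"line {lineno}: expected 'hostname ip', got {raw!r}")
            continue
        host, ip = parts
        problem = validate_hostname(host) or validate_ip(ip)
        if problem:
            errors.append(f"line {lineno}: {problem}")
        elif host.lower() in mappings:
            errors.append(f"line {lineno}: duplicate mapping for {host}")
        else:
            mappings[host.lower()] = ip   # hostnames are case-insensitive
    return mappings, errors


if __name__ == "__main__":
    accepted, rejected = parse_custom_hosts(SAMPLE)
    for host, ip in accepted.items():
        print(f"OK      {host} -> {ip}")
    for err in rejected:
        print(f"REJECT  {err}")
```

Running the script against the constructed sample accepts the two well-formed mappings and reports one reason per rejected line, so a misconfigured entry is caught before the scan is submitted rather than surfacing as unreachable hosts in the results.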

Enter advanced configuration details.

Setting the Advanced Options

To set the advanced options for a DynamicDS scan, click Advanced Options in the DynamicDS section of the left navigation menu. This page also automatically opens after saving the Scan Configuration page.

Note that these advanced options are not required for most sites, and adjusting them, particularly the maximum number of links, may reduce the coverage of the scan or the accuracy of the results.