Configuring URL Settings

Dynamic Analysis

In addition to configuring the settings for the whole Dynamic Analysis, you can also configure the scan of each URL contained by the Dynamic Analysis.

On the Edit Configuration page, provide detailed information about the URL scan.
URL
Enter a starting URL for your scan, including any custom ports. Select the checkbox if you want to include both the http:// and https:// address in the scan. The scan starts at this page and then searches the entire web site. Choose a URL that enables the scan to crawl all the pages on the site, and adhere to these rules:
  • You must precede URLs with http:// or https://.
  • You must end directory names with a slash (/).
  • Acceptable formats are: full hostname (http://www. example.com/) or hostname and directory (http://example.com/dir/).
  • Do not use wildcards in the target URL.
  • You are allowed to use wildcards in the Allowed Hosts and Exclude URLs fields to include or exclude multiple pages or portions of a site all at once. For example, http://*.example.com includes all subdomains, such as http://a.example.com, but does not include http://a.b.example.com.
Blacklist URL Exclusions
Exclude URLs that you do not want the Dynamic Analysis to scan. You can also change the scope of the blacklist by excluding the HTTP or HTTPS versions.
Add Allowed Hosts
By default, the Dynamic Analysis scan engine scans all subdirectories under the top-level domain. Because Veracode does not automatically scan the subdomains, you can include them in the scope of the scan by specifying them in the Allowed Hosts tab. You can also change the scope of the URL scan by excluding the HTTP or HTTPS versions.
Specify the Login Method
Choose automatic login, basic authentication, or form-based login.
Configure Internal Scanning
If the URL is behind a firewall, select a reachable gateway and endpoint for the URL. This setting is only available if you have purchased Veracode Internal Scanning Management (ISM).
Add User Agent Information
Enter customized details of your browser to ensure the scan crawls for known vulnerabilities for that particular browser and returns information specific to the respective environment.


Edit a URL Configuration

You can edit a URL configuration at any time by clicking the pencil icon at the end of URL row.


Delete a URL Configuration

If the Dynamic Analysis has not yet started, you can delete a URL configuration by clicking the delete icon at the end of the URL row.