Dynamic Analysis (DAST)

Find security vulnerabilities in running applications and servers


Dynamic Application Security Testing (DAST) are tests on running applications, server or network devices that aim to identify security vulnerabilities. Those tests include application tests, to test the application layer and network tests, to test the underlying infrastructure. Using Gauntlet you can run both.



Unified Scan Profile


Define the scan speed, which scanners will run, the maximum execution time, start path and extra HTTP request headers. After that you can reuse your scan profile for future scans, even scheduled ones. Learn more about Scan Schedulement.



Test Applications


With your registered scan profile, you just need to hit "Start Scan". And this scan profile idea is applied to applications and servers. To register an application, mark it as 'Dynamic' in the screen on the right and inform it's URL. Also note the need to select the 'business criticality'. It's used to put the application (or server) under organizational policies. Learn more about policies.



Test Servers


Servers, Internet of Things (IoT) devices and other network devices can also be tested. They receive a different treatment because they need an IP Address instead of a URL. And for both, servers and applications, you can mark them as "not internet facing". It means that your asset requires an internal testing. Learn more about internal testing.



Stop Scans Anytime


After starting a scan you'll see a screen like this, showing the scanner IP Address and the state of each scanner. In case you want, it's possible to stop the execution of selected scanners. It's also possible to set up notifications to be notified when a scan starts, finishes or stops. Learn more about notifications.



Explore the features