Running an Authorized DAST Scan with Acunetix and Invicti

About this guide

Connect a DAST vendor with credentials encrypted at rest, scope the scan to assets you own, launch it, watch the status sync, and import results through the correlation pipeline.

This guide takes you through running an authorized DAST scan with Acunetix or Invicti from inside PMAP. You will connect the vendor with every credential field encrypted at rest, attach a recorded login sequence for authenticated coverage, set include and exclude URL scope, launch through PMAP’s vendor-agnostic remote scan controls, watch the 30-second status sync, and import results with the configured severity threshold and PMAP severity governance applied.

Figure: the Integrations workspace. Each connector card shows last-tested and last-synced timestamps; the Add integration wizard renders its form dynamically from the GET /types catalog.

The guide is written for application security teams running scoped, defensive testing against assets their organization owns or is permitted to assess. By the end you can verify the run with the findings delta and the activity log, then make the routine repeatable with a vendor-side or PMAP-side schedule so authorized coverage continues on a cadence.

Inside this guide

  • Confirm authorization and scope of the target before any scan is created.
  • Connect the DAST vendor, test the connection, and confirm credentials are encrypted at rest.
  • Pick a scan template on the vendor and create the remote scan against the target.
  • Attach a recorded login sequence and set the include and exclude URL scope.
  • Launch the scan and watch the status sync track progress.
  • Import results with severity governance, then review the findings delta and close out.
  • Schedule recurring authorized scans and reconcile any orphaned history.

Before you start

  • Written authorization to test the specific target, since DAST in PMAP is for scoped, defensive testing of assets you own or are permitted to assess.
  • A PMAP account with permission to create and update integrations and to create and import scans in your company and project scope.
  • Acunetix or Invicti reachable from PMAP, plus a service account or API key with rights to create, launch, and read scans.
  • For authenticated scanning, a login sequence already recorded on the vendor, so PMAP can list and attach it.
  • An agreed import severity threshold and a destination project, so findings route to the right place at the right minimum severity.
