Automated Run
Updated about 23 hours ago
What's Next: Manual Run