DAST Detectors
The DAST scanner uses two complementary detection sources:
- Active and passive scan rules. Detector IDs: numeric (e.g., 40018, 40012). Coverage: injection, XSS, authentication issues, security misconfigurations; over 200 detectors.
- Vulnerability check (--vuln-check). Detector IDs: vuln/ prefix (e.g., vuln/CVE-2021-44228). Coverage: known CVEs, misconfigurations, and exposures matched by template signatures.
Both sources produce findings in the same report. Each detector is mapped to a CWE identifier, and — where applicable — to the matching NIST 800-53, SANS Top 25, and PCI DSS controls, so DAST results can be traced directly to compliance requirements. Detectors also include remediation guidance.
The full detector list with descriptions and references is published at detectors.xygeni.io.