# DAST Risks

The **Risks (DAST) page** can be accessed by selecting the DAST option in the [**Risks**](/xygeni-products/application-security-posture-management-aspm/all-risks.md) tab. This tab offers an in-depth overview of all DAST security issues, clearly presented for ease of assessment.

{% hint style="info" %}
Xygeni provides two functionalities related to DAST scanning:

1. Xygeni provides a [DAST Scanner](/xygeni-products/dast-security/dast-scanner.md) that can perform dynamic analysis over your web applications and REST APIs. Please visit [Xygeni DAST Scanner](/xygeni-products/dast-security/dast-scanner.md) for further information.
2. Xygeni also provides the functionality to [import scan results from 3rd-party tools](/xygeni-products/application-security-posture-management-aspm/importing-reports-from-3rd-party-tools/dast-report-import.md). This way, you can integrate 3rd-party DAST data into Xygeni and benefit from the [Xygeni ASPM](/xygeni-products/application-security-posture-management-aspm.md) functionalities.
{% endhint %}

By default, this page will display all the DAST issues, regardless of the tool that found the issues (Xygeni DAST Scanner or any other 3rd party tool such as OWASP ZAP or Acunetix).

If you click on **More filter fields**, you can find the **Tools** filter, in which you can select a tool so that only the issues reported by the selected tool are displayed.

{% hint style="info" %}
You can reach the **Risks (DAST)** results under the DAST >> Risks (DAST) section.
{% endhint %}

## Vulnerability Details

Each DAST vulnerability includes the following information:

* **Kind**: The vulnerability type (e.g., SQL Injection, Cross-Site Scripting).
* **Severity**: The risk level (`critical`, `high`, `low`, or `info`).
* **Confidence**: How confident the scanner is in the finding (`low`, `medium`, `high`, or `highest`).
* **URL**: The affected endpoint.
* **Method**: The HTTP method used (GET, POST, etc.).
* **Parameter**: The vulnerable parameter name.
* **Evidence**: The attack payload or proof string.
* **CWE**: The associated Common Weakness Enumeration identifier.
* **Compliance mappings**: Where applicable, findings carry the matching **NIST 800-53**, **SANS Top 25**, and **PCI DSS** controls so DAST results can be traced directly to compliance requirements.
* **HTTP Request/Response**: Full request and response details for reproducing the issue (captured by the active/passive scanner and by the vulnerability check, when available).
* **Potential PoC**: A best-effort proof-of-concept for the finding, including a `curl` command and an `expect` block (`status`, `bodyContains`, `bodyRegex`, `headerContains`) that describes how to recognise the vulnerable response. Each PoC carries a **confidence** score: `high` for deterministic matchers (vuln-check templates) and reflective findings where the evidence appears in the response body, or `low` for behavioural detections (timing, blind injection, auth bypass); in the latter case the `notes` field explains the limitation.
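To show how the `expect` block of a Potential PoC is read, here is an added example (not Xygeni's own code) that evaluates the four matchers against a captured response, so a team can confirm that a fix actually changed the behaviour the PoC describes. The matcher names come from the page; the exact JSON layout (in particular `headerContains` as a name/value map) is an assumption, and the responses are constructed.

```python
import re

# Constructed expect block for a reflected XSS finding. Field names follow the
# documentation; the layout (headerContains as a name -> substring map) is assumed.
POC_EXPECT = {
    "status": 200,
    "bodyContains": "<script>alert(1)</script>",
    "bodyRegex": r"<script>alert\(\d+\)</script>",
    "headerContains": {"Content-Type": "text/html"},
}

def expect_matches(expect: dict, status: int, headers: dict, body: str) -> dict:
    """Evaluate each matcher present in the expect block against one response.
    Returns a per-matcher result so a reviewer can see exactly which check failed."""
    results = {}
    if "status" in expect:
        results["status"] = status == expect["status"]
    if "bodyContains" in expect:
        results["bodyContains"] = expect["bodyContains"] in body
    if "bodyRegex" in expect:
        results["bodyRegex"] = re.search(expect["bodyRegex"], body) is not None
    if "headerContains" in expect:
        # Header names are case-insensitive; compare values as substrings.
        lower = {k.lower(): v for k, v in headers.items()}
        results["headerContains"] = all(
            want.lower() in lower.get(name.lower(), "").lower()
            for name, want in expect["headerContains"].items()
        )
    return results

def still_vulnerable(expect: dict, status: int, headers: dict, body: str) -> bool:
    """True when every matcher passes, i.e. the response still shows the
    behaviour the PoC describes and the fix has not taken effect."""
    return all(expect_matches(expect, status, headers, body).values())

# Constructed responses: before the fix the payload is reflected verbatim,
# after the fix it is HTML-encoded, so only the body matchers stop matching.
BEFORE = (200, {"Content-Type": "text/html; charset=utf-8"},
          "<html><p>Search: <script>alert(1)</script></p></html>")
AFTER = (200, {"Content-Type": "text/html; charset=utf-8"},
         "<html><p>Search: &lt;script&gt;alert(1)&lt;/script&gt;</p></html>")

if __name__ == "__main__":
    print("before fix:", expect_matches(POC_EXPECT, *BEFORE))
    print("after fix: ", expect_matches(POC_EXPECT, *AFTER))
```

Because the result is per matcher, a `low`-confidence PoC whose `status` and `headerContains` still pass but whose body matchers fail is easy to tell apart from one that is fully resolved.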

## Severity Levels

DAST findings are mapped to four severity levels:

| Severity     | Description                                                                                          |
| ------------ | ---------------------------------------------------------------------------------------------------- |
| **Critical** | High-risk vulnerabilities that are directly exploitable (e.g., SQL Injection, Remote Code Execution) |
| **High**     | Medium-risk issues that may lead to data exposure or further exploitation (e.g., XSS, CSRF)          |
| **Low**      | Low-risk issues with limited impact (e.g., cookie without secure flag)                               |
| **Info**     | Informational findings that may indicate areas for improvement (e.g., missing headers)               |
---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.xygeni.io/xygeni-products/dast-security/dast-user-interface-guide/risks-dast.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
