Is vulnerability testing using commercial DAST tool helpful for SharePoint online applications

Copper Contributor

Hi All

 

Please help me understand if I should implement commercial DAST tool for dynamic testing of SharePoint Online applications build using client side frameworks (knowing that M365 products internally take care of endpoint and network securities using Microsoft Defender and Endpoint Manager, Azure Firewall & DDoS Protection. Please advise. 

2 Replies

@vijayysisodia Vulnerability scanning using DAST tool is not supported for Microsoft 365 apps. This is what I observed post connecting with TP vendors e.g. Veracode and Burp Suite Professional. 

@vijayysisodia What tool are you using for DAST for Sharepoint. We are planning to perform DAST for D365 ERP and want to check on Veracode.