Is vulnerability testing using commercial DAST tool helpful for SharePoint online applications

%3CLINGO-SUB%20id%3D%22lingo-sub-2126733%22%20slang%3D%22en-US%22%3EIs%20vulnerability%20testing%20using%20commercial%20DAST%20tool%20helpful%20for%20SharePoint%20online%20applications%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2126733%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20help%20me%20understand%20if%20I%20should%20implement%20commercial%20DAST%20tool%20for%20dynamic%20testing%20of%20SharePoint%20Online%20applications%20build%20using%20client%20side%20frameworks%20(knowing%20that%20M365%20products%20internally%20take%20care%20of%20endpoint%20and%20network%20securities%20using%20Microsoft%20Defender%20and%20Endpoint%20Manager%2C%20Azure%20Firewall%20%26amp%3B%20DDoS%20Protection.%20Please%20advise.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2126733%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Hi All

 

Please help me understand if I should implement commercial DAST tool for dynamic testing of SharePoint Online applications build using client side frameworks (knowing that M365 products internally take care of endpoint and network securities using Microsoft Defender and Endpoint Manager, Azure Firewall & DDoS Protection. Please advise. 

1 Reply

@vijayysisodia Vulnerability scanning using DAST tool is not supported for Microsoft 365 apps. This is what I observed post connecting with TP vendors e.g. Veracode and Burp Suite Professional.