Excluding URLs From Being Scanned

In some situations specific URLs need to be excluded from DAST scans. This can include areas of the application which are out of scope, such as documentation endpoints, or in larger applications this may be necessary because the DAST scans need to be segmented by specific application areas. For example testing the main site vs an admin sub-section of the site.

The --excludeUrlsFile parameter allows a specific set of URLs to be excluded from the DAST scan. Specific examples can be found under the DAST integration readme.