Dynamic application security testing: Difference between revisions

m Rephrased and simplified intro (can still use some TLC) — I protest Wikipedia forcing contributors off VPNs
JBayl
Link suggestions feature: 3 links added.
(3 intermediate revisions by 2 users not shown)
Line 1:
{{Short description|Testing process to determine security weaknesses}}
'''Dynamic application security testing''' ('''DAST''') is a [[non-functional testing]] process that identifies security weaknesses and vulnerabilities in a running application. It can be carried out manually or with automated tools. Manual assessment relies on a human tester to find flaws that an automated tool is likely to miss; [[business logic]] errors, [[race condition]]s and certain [[Zero-day vulnerability|zero-day vulnerabilities]] can usually only be identified this way.
 
A DAST tool, by contrast, is a program that communicates with a [[web application]] through its web front-end in order to identify potential security vulnerabilities and architectural weaknesses in the application.<ref>[http://projects.webappsec.org/w/page/13246986/Web%20Application%20Security%20Scanner%20Evaluation%20Criteria Web Application Security Scanner Evaluation Criteria version 1.0], WASC, 2009</ref> It performs a [[black-box]] test: unlike [[static application security testing]] tools, DAST tools have no access to the source code and therefore detect [[Vulnerability (computing)|vulnerabilities]] by actually sending attack traffic to the running application and observing how it responds.
 
Once configured with a host name, crawling parameters and authentication credentials, DAST tools can run sophisticated scans with minimal user interaction. They attempt to detect vulnerabilities by manipulating query strings, headers, URL fragments and HTTP verbs (GET/POST/PUT), and by testing for DOM-based injection.
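The following is an added example, not code from the article or from any real scanner, showing the black-box loop such a tool runs: crawl from a start URL, then mutate query-string parameters, a request header and the HTTP verb, and judge the target only by its responses. The target here is a constructed, hypothetical in-memory toy application (`toy_app`, a plain function) so the example runs offline; a real tool would send the same requests over HTTP. Fragment and DOM-based checks need a browser engine and are not covered.

```python
"""Minimal black-box probe in the style of a DAST scanner (added example).

The probe never inspects toy_app's code; it only sends requests through
`send` and reads responses, which is what makes it a black-box test.
"""
import re
from dataclasses import dataclass, field
from html import escape
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


@dataclass
class Request:
    method: str
    url: str  # path plus optional query string
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str


def toy_app(req: Request) -> Response:
    """Constructed, hypothetical target: /search reflects `q` unencoded
    (reflected XSS), /item leaks a database error on a stray quote, /greet
    echoes User-Agent but escapes it, and only /search accepts non-GET verbs."""
    parts = urlsplit(req.url)
    params = dict(parse_qsl(parts.query))
    if req.method != "GET" and parts.path != "/search":
        return Response(405, "method not allowed")
    if parts.path == "/":
        return Response(200, '<a href="/search?q=test">s</a> '
                             '<a href="/item?id=1">i</a> <a href="/greet">g</a>')
    if parts.path == "/search":
        return Response(200, f"<h1>Results for {params.get('q', '')}</h1>")
    if parts.path == "/item":
        item_id = params.get("id", "")
        if "'" in item_id:
            return Response(500, "SQL syntax error near ''' in query")
        return Response(200, f"<p>Item {escape(item_id)}</p>")
    if parts.path == "/greet":
        ua = req.headers.get("User-Agent", "")
        return Response(200, f"<p>Hello {escape(ua)}</p>")
    return Response(404, "not found")


LINK_RE = re.compile(r'href="([^"]+)"')
# Canary with characters that must be HTML-encoded; seeing it verbatim in a
# response means the input reached the page without output encoding.
XSS_CANARY = '<zz"x>'
SQL_ERROR_RE = re.compile(r"sql syntax|syntax error|unclosed quotation", re.I)


def crawl(send, start="/", limit=50):
    """Breadth-first crawl of same-site links; returns the URLs found."""
    seen, queue = set(), [start]
    while queue and len(seen) < limit:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        for href in LINK_RE.findall(send(Request("GET", url)).body):
            if href.startswith("/") and href not in seen:
                queue.append(href)
    return seen


def with_param(url, name, value):
    """Return `url` with query parameter `name` set to `value`."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    params[name] = value
    return urlunsplit(parts._replace(query=urlencode(params)))


def scan(send, start="/"):
    """Crawl, then probe each URL's query parameters, a header and the verb.
    Returns (check, path, location) tuples in discovery order."""
    findings = []
    for url in sorted(crawl(send, start)):
        parts = urlsplit(url)
        for name, value in dict(parse_qsl(parts.query)).items():
            # Query string: reflection canary, then a quote to provoke a DB error.
            if XSS_CANARY in send(Request("GET", with_param(url, name, XSS_CANARY))).body:
                findings.append(("reflected-xss", parts.path, name))
            r = send(Request("GET", with_param(url, name, value + "'")))
            if r.status >= 500 or SQL_ERROR_RE.search(r.body):
                findings.append(("sql-error", parts.path, name))
        # Header: the same canary through User-Agent.
        if XSS_CANARY in send(Request("GET", url, {"User-Agent": XSS_CANARY})).body:
            findings.append(("reflected-xss", parts.path, "header:User-Agent"))
        # Verb: record endpoints that serve a state-changing method unexpectedly.
        if send(Request("PUT", url)).status not in (404, 405, 501):
            findings.append(("verb-accepted", parts.path, "PUT"))
    return findings


if __name__ == "__main__":
    for finding in scan(toy_app):
        print(*finding)
```

Note that `/greet` produces no finding even though it echoes attacker-controlled input, because the escaped canary no longer matches: the scanner can only judge what the response shows, which is both the strength and the blind spot of black-box testing. Treating any HTTP 500 as a "sql-error" is a deliberate simplification; real scanners use error-signature databases and time-based probes to reduce false positives.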
Line 14:
Open-source scanners are often free of cost to the user.
 
===Strengths===
These tools can detect vulnerabilities in finalized [[release candidate]] versions prior to shipping. Scanners simulate a malicious user by attacking and probing the application and flagging responses that fall outside the expected result set, which gives a realistic attack simulation.<ref>{{Cite web|title=SAST vs DAST|url=https://research.g2.com/insights/sast-vs-dast|url-status=live|website=G2 Research Hub|archive-url=https://web.archive.org/web/20200503220256/https://research.g2.com/insights/sast-vs-dast |archive-date=2020-05-03 }}</ref> A major advantage of these tools is that they can be run continuously throughout the year. Because new vulnerabilities are discovered regularly, this lets companies find and patch them before they are exploited.<ref>{{Cite web|title=The Importance of Regular Vulnerability Scanning|url=https://appcheck-ng.com/importance-of-vulnerability-scanning/|url-status=live|website=AppCheck Ltd|archive-url=https://web.archive.org/web/20200806101730/https://appcheck-ng.com/importance-of-vulnerability-scanning/ |archive-date=2020-08-06 }}</ref>
 
As dynamic testing tools, web scanners are not language-dependent: a web application scanner can test an application regardless of the language or framework it is written in, including engine-driven web applications. Attackers use the same kinds of tools, so if a scanner can find a vulnerability, so can an attacker.<ref>{{Cite web |last=Bashvitz |first=Gadi |title=DAST Pros and Cons |url=https://brightsec.com/blog/dast-dynamic-application-security-testing/ |access-date=2023-03-21 |website=Bright Security}}</ref>
 
===Weaknesses===
While scanning with a DAST tool, data may be overwritten or malicious payloads injected into the subject site, because the scanner really submits its test inputs. Sites should therefore be scanned in a production-like but non-production environment, which yields accurate results while protecting production data. Where a scanner must touch a shared environment, restricting its scope (for example, excluding logout, delete and payment endpoints from the crawl) and using dedicated test accounts limits the damage it can do.