No edit summary |
Team Hunky (talk | contribs) →DAST strengths: Added more information regarding a strength and added another major strength with citations. |
Line 50:
===DAST strengths===
These tools can detect vulnerabilities of the finalized [[release candidate]] versions prior to shipping. Scanners simulate a malicious user by attacking and probing, identifying results which are not part of the expected result set, allowing for a realistic attack simulation.<ref>{{Cite web|title=SAST vs DAST|url=https://research.g2.com/insights/sast-vs-dast|url-status=live|website=G2 Research Hub}}</ref> The big advantage of these types of tools are that they can scan year-round to be constantly searching for vulnerabilities. With new vulnerabilities being discovered regularly this allows companies to find and patch vulnerabilities before they can become exploited.<ref>{{Cite web|title=The Importance of Regular Vulnerability Scanning|url=https://appcheck-ng.com/importance-of-vulnerability-scanning/|url-status=live|website=AppCheck Ltd}}</ref>
As a dynamic testing tool, web scanners are not language-dependent. A web application scanner is able to scan engine-driven web applications. Attackers use the same tools, so if the tools can find a vulnerability, so can attackers.
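Review bot: In the sentence beginning "The big advantage of these types of tools", the verb does not agree with its subject ("advantage ... are"), and "scan year-round to be constantly searching" says the same thing twice. Suggested wording: "A further advantage of these tools is that they can be run continuously, year-round", with "before they can be exploited" in place of "before they can become exploited". Both {{Cite web}} templates set url-status=live without an archive-url, where the parameter has no effect, and neither has an access-date; drop url-status or add the archive parameters, and add access-date. The second source is titled "The Importance of Regular Vulnerability Scanning", which is about scanning in general, so the sentence should either say what makes continuous scanning a strength of DAST specifically or be worded as applying to vulnerability scanners generally. In the preceding sentence, "allowing for a realistic attack simulation" repeats "Scanners simulate a malicious user" and can be cut.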