Dynamic Application Security Testing (DAST) System

From GM-RKB

A Dynamic Application Security Testing (DAST) System is a web application security vulnerability testing system.



References

2021

  • (Wikipedia, 2021) ⇒ https://en.wikipedia.org/wiki/Dynamic_application_security_testing Retrieved:2021-3-11.
    • A dynamic application security testing (DAST) tool is a program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. [1] It performs a black-box test. Unlike static application security testing tools, DAST tools do not have access to the source code and therefore detect vulnerabilities by actually performing attacks. DAST tools allow sophisticated scans, detecting vulnerabilities with minimal user interactions once configured with host name, crawling parameters and authentication credentials. These tools will attempt to detect vulnerabilities in query strings, headers, fragments, verbs (GET/POST/PUT) and DOM injection. Customers benefit from the convenience of these applications, while tacitly taking on risk that private information stored in web applications will be compromised through hacker attacks and insider leaks. According to the Privacy Rights Clearinghouse, more than 18 million customer records have been compromised in 2012 due to insufficient security controls on corporate data and web applications.