Fluid Attacks’ Dynamic Application Security Testing (DAST) detects known and zero-day security vulnerabilities in your applications while they are running. This form of black-box testing, which does not require access to the source code, aims to rapidly find weaknesses in your software that could be exploited by malicious hackers. DAST gives good results in detecting flaws related to data, deployment configuration and the business logic of applications, and it works independently of the language in which the software was developed. All automatic DAST is supported by the manual pentesting work of our experienced red team members, who are continuously improving testing technologies and methodologies.
These are the benefits of DAST:
Simulation of attacks
Through this outside-in technique, we can simulate how potential malicious hackers would interact with your applications and observe how the applications would respond to their attacks, in order to detect vulnerabilities not found through other types of methodologies.
Testing from early stages
While the DAST technique is applied in many cases on a running application after production, in DevSecOps it can be shifted left to detect vulnerabilities earlier in internal pre-production environments, thus saving time and money.
Minimal rates of false positives
Fluid Attacks’ ethical hackers continuously verify what is automatically obtained in this technique, and complement the evaluations with a manual DAST to achieve very low rates of false positives.
Scanning based on standards
Thanks to DAST assessments and reports, and following the necessary remediation procedures, you will be able to comply with various policies and regulations (e.g., OWASP, PCI DSS, NIST, HIPAA, CWE, GDPR, CAPEC, NERC, ISO27K), which you can define as required.
Assessments considering changes
Our hackers’ efforts allow the DAST evaluations to be executed incrementally according to your application’s evolution in your SDLC. In other words, after an overall analysis and in order to avoid delays, we look for vulnerabilities only in sectors which have been modified in the application (always with several hackers attacking the same target several times).
Low rates of false negatives
A DAST technique performed both automatically and manually allows us to guarantee low rates of false negatives, contrary to what can be achieved by companies that depend exclusively on tools.
An element of a comprehensive test
The DAST technique can be complemented by other techniques used in Fluid Attacks, such as SAST, IAST, SCA, RE, and Manual Pentesting, to constitute comprehensive application security testing.