Tuesday, September 4, 2018

DAST Automation: Your Team's Future Hacker-in-a-Box

You've probably heard all about the new and not-so-new technologies in the application security testing space: DAST, SAST, RASP, IAST, fuzzing, and SCA. Probably the oldest technology in this alphabet soup is DAST, or Dynamic Application Security Testing. DAST works like a "hacker-in-a-box", testing live web applications and web services from the outside, and it has been around since the mid-1990s.

DAST is naturally focused on finding high-risk issues, performs "end-to-end" testing of each piece of functionality across all layers of an application, and provides a handy proof-of-exploit, making issues much easier to validate and demonstrate than with other technologies, like SAST (code scanning). And while DAST roamed the Internet before Google existed and is ubiquitous in pen-tester arsenals today, until a few years ago it always struggled to find its place in the Software Development Life Cycle (SDLC) processes of most organizations. Its biggest challenge within the SDLC was its need for a target application to be up and running, which often happened quite late in the cycle. And its biggest challenge for integration with ever-present automated build tools was the need to train the scanner how to interact properly with the target application (how to log in, which pages and parameters to exercise), which was done manually.
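To make the three points above concrete (the scan needs a running target, it must be "trained" to authenticate before it can reach anything interesting, and its output is a proof-of-exploit rather than a suspicious line of code), here is a miniature DAST harness. It is an added example written for this page, not code from the original post or from any DAST product. The target app, the credentials `alice`/`wonderland`, the `sid` cookie and the `/search` and `/safe` endpoints are all constructed for the demonstration; the only technique shown is the standard one of injecting a unique canary and checking whether it is reflected unescaped.

```python
"""Miniature DAST harness (added example, not from the original post).

1. start_target()  boots a constructed, deliberately vulnerable web app
                   (the "target must be up and running" requirement).
2. Session.post()  logs in and keeps the session cookie (the "training"
                   a scanner needs before it can reach authenticated pages).
3. probe_reflected_xss() injects a unique canary and reports the reflected
                   response body as proof-of-exploit.
"""
import secrets
import threading
import urllib.parse
import urllib.request
from html import escape
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSION_ID = "s3ss10n"          # constructed session token for the demo app
CREDS = ("alice", "wonderland")  # constructed credentials for the demo app


class TargetApp(BaseHTTPRequestHandler):
    """Constructed target: /login issues a cookie; /search reflects ?q=
    unescaped (the bug to find); /safe escapes it (the control case)."""

    def log_message(self, *args):  # keep the test run quiet
        pass

    def _send(self, code, body, extra_headers=()):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        for name, value in extra_headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        if self.path == "/login" and (form.get("user", [""])[0],
                                      form.get("pw", [""])[0]) == CREDS:
            self._send(200, "ok", [("Set-Cookie", f"sid={SESSION_ID}")])
        else:
            self._send(403, "denied")

    def do_GET(self):
        if f"sid={SESSION_ID}" not in self.headers.get("Cookie", ""):
            self._send(401, "login required")  # unauthenticated scans see nothing
            return
        url = urllib.parse.urlparse(self.path)
        q = urllib.parse.parse_qs(url.query).get("q", [""])[0]
        if url.path == "/search":
            self._send(200, f"<h1>Results for {q}</h1>")          # vulnerable
        elif url.path == "/safe":
            self._send(200, f"<h1>Results for {escape(q)}</h1>")  # fixed
        else:
            self._send(404, "not found")


def start_target():
    """Run the constructed app on a random loopback port; returns (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), TargetApp)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


class Session:
    """The scanner's 'trained' interaction: log in once, replay the cookie."""

    def __init__(self, base_url):
        self.base_url, self.cookie = base_url, ""

    def post(self, path, form):
        req = urllib.request.Request(self.base_url + path,
                                     data=urllib.parse.urlencode(form).encode())
        with urllib.request.urlopen(req) as resp:
            self.cookie = resp.headers.get("Set-Cookie", "")
            return resp.status

    def get(self, path, params):
        url = f"{self.base_url}{path}?{urllib.parse.urlencode(params)}"
        req = urllib.request.Request(url, headers={"Cookie": self.cookie})
        with urllib.request.urlopen(req) as resp:
            return resp.read().decode()


def probe_reflected_xss(session, path, param):
    """Send a unique canary; an unescaped echo is the proof-of-exploit."""
    canary = f"<dast{secrets.token_hex(4)}>"
    body = session.get(path, {param: canary})
    hit = canary in body
    return {"path": path, "param": param, "vulnerable": hit,
            "evidence": body.strip() if hit else None}


def run_scan(base_url, creds, targets):
    """Log in, then probe each (path, param) pair; returns one finding per pair."""
    session = Session(base_url)
    if session.post("/login", {"user": creds[0], "pw": creds[1]}) != 200:
        raise RuntimeError("training step failed: could not authenticate")
    return [probe_reflected_xss(session, path, param) for path, param in targets]


if __name__ == "__main__":
    server, base = start_target()
    for finding in run_scan(base, CREDS, [("/search", "q"), ("/safe", "q")]):
        print(finding)
    server.shutdown()
```

The canary is random per request so a hit cannot be a stale cached page, and the evidence field carries the actual reflected response, which is what makes a DAST finding easy to hand to a developer. Everything the scan "knows" about the app lives in the call to `run_scan`: the login form and the list of pages and parameters to exercise. That list is exactly the part that used to be built by hand, and what DAST automation has to supply on its own.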



from DZone.com Feed https://ift.tt/2oBPP7x
