Skip to main content

Dynamic Application security testing

 


Dynamic Application Security Testing (DAST)

DAST is also a very crucial application security testing procedure. It works in a way that can investigate applications while they are running to detect security vulnerabilities. It is a fact that the vulnerabilities and threats are growing at a rapid scale and this is the only reason why businesses consider deploying DAST.

Why is it necessary?

Now, though web applications suffer attacks as a major threat, these aren’t as deadly as ransomware. The most common way that web applications have security issues is via SQL injection.

The next common way hackers use to take advantage of the vulnerabilities is cross-site scripting. The hackers inject their codes in the web applications through which they steal confidential data, cookies, and credentials.

There are two different types of DAST testing. They are:

  • 🕳  Automated DAST

DAST scanners are mostly activated by crawlers. Such crawlers use bots to scan through websites automatically and logs every page of the application. Further, the security testing setup audits the entire web application for any possible vulnerability. This audit even includes checking for brute force attacks too.

Now, such an automated DAST can detect many different kinds of vulnerabilities. 

  • 🕳  Manual DAST

Automated DAST and or SAST are good for regular security checks. But context-based business logic vulnerabilities requires human intervention.

The tester has understood the context of the application and then create test cases to change the response manually that is exchanged between the browser and the server. This opens up a huge prospect of exploring all the vulnerabilities and working on mitigating them.

🕳  Static Application security testing 

Comments

Post a Comment

Popular posts from this blog

SMS bombing, Call Bombing, pranks with friends using termux app

  This is only for educational purposes Don't misuse it  The script requires working network connection to work. No balance will be deducted for using this script to send SMS/calls. While doing infinite bombing use 2-3 seconds delay and 10 to 20 threads for maximum performance. Don't put spaces in between phone number (Ex- 99999 99999) Make sure you are using the latest version of TBomb Make sure you are using Python3. $ python -V If output looks like Python 3 - Congrats, Python 3 is installed properly. 👉 Do not use this to harm others. 👉 This script is only for educational purposes or to prank. 👉 None of the developers/contributors are responsible for the misuse of TBomb. Features: 👉 Lots of integrated SMS/call APIs 👉 Unlimited (Limited against abusing) and super-fast bombing 👉 International bombing available (APIS Dead. Try Your Luck.) 👉 Call bombing 👉 Frequent updates 👉 Automatic updating mechanism 👉 Easy to use and embed in code        ...
Post a Comment
Read more

Top most dangerous computer viruses 😮😮😲

  1. ILOVEYOU ILOVEYOU is  considered one of the most virulent computer virus ever created . It managed to wreck havoc on computer systems all over the world with around  $10 billion  worth of damages. 10% of the world’s computers were believed to have been infected. It was so bad that governments and large corporations took their  mailing system offline  to prevent infection.  The virus was created by two Filipino programers, Reonel Ramones and Onel de Guzman. What it did was  use social engineering to get people to click on the attachment ; in this case,  a love confession . The attachment was actually a script that poses as a TXT file, due to Windows at the time hiding the actual extension of the file. Once clicked, it will send itself to everyone in the user’s mailing list and proceed to overwrite files with itself, making the computer unbootable. The two were  never charged,  as there were no laws about malware.  This led ...
2 comments
Read more