Difference between revisions of "Dynamic Application Security Testing"

• Cross-site scripting
• Injection: Injection flaws, such as SQL injection, NoSQL, OS, and LDAP injection.
• Path disclosure
• Denial-of-service
• Code execution
• Memory corruption
• Cross-site request forgery
• Information disclosure
• Arbitrary file
• Local file inclusion
• Remote file inclusion
• Buffer overflow

As of 2019 there is no Synopsys DAST on-premises product.

Software

• GitLab Ultimate since January 2018 10.4 https://about.gitlab.com/releases/2018/01/22/gitlab-10-4-released/, https://docs.gitlab.com/ee/user/application_security/dast/
• OWASP ZAP

Related terms

• Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx

See also

• Security scanners
• Application Security Testing
• Manual Penetration Testing (MPT)
• DAST, SQL injection, Denial-of-service attack (DoS attack), Buffer overflow
• Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx