PROACTIVERISK

GRAY BEARD BLOG

SHARING RANDOM THOUGHTS ON TECH

What is DAST?

2/18/2023

 
Dynamic Application Security Testing (DAST) is a type of security testing that evaluates the security of web applications while they are running. In the context of a service provider selling DAST to a buyer, the service would involve the following steps:
  1. Scope Definition: The service provider (Proactive Risk, as an example) and the buyer would define the scope of the testing by identifying the web applications to be tested, the specific vulnerabilities to be tested for, and the desired level of testing coverage.
  2. Tool Selection: Proactive Risk would select the appropriate tools and technologies for the DAST service based on the scope of the testing. These tools would be used to automate the testing process and provide accurate and detailed results.
  3. Testing Execution: Once the scope and tools have been defined, the service provider would begin the testing process. This involves running the selected DAST tools against the web applications to identify potential vulnerabilities, such as SQL injection or cross-site scripting. A popular measurement is the OWASP Top 10 or OWASP ASVS.
  4. Vulnerability Analysis: After the testing has been completed, the service provider would analyze the results to determine which vulnerabilities were detected and the level of severity of each vulnerability. They would also prioritize vulnerabilities based on the level of risk they pose.
  5. Reporting: The service provider would create a report detailing the vulnerabilities identified during the testing process. This report would include a summary of the findings, detailed descriptions of each vulnerability, and recommendations for how to address each vulnerability.
  6. Remediation: Based on the results of the testing and the report provided by the service provider, the buyer would take steps to address the vulnerabilities. This might involve patching software, updating configurations, or modifying user permissions.
  7. Retesting: Once the vulnerabilities have been addressed, Proactive Risk would conduct a follow-up DAST service to confirm that the vulnerabilities have been successfully remediated.
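
The analysis and retesting steps above come down to comparing two sets of findings within the agreed scope. The sketch below is an added example, not Proactive Risk's tooling or any scanner's export format: the hosts, the finding fields and the severity labels are constructed assumptions.

```python
from urllib.parse import urlsplit

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Constructed scope and findings; field names are assumptions, not a real scanner schema.
SCOPE_HOSTS = {"app.example.test", "api.example.test"}
BASELINE = [
    {"rule": "sql-injection", "url": "https://app.example.test/search?q=1", "param": "q", "severity": "high"},
    {"rule": "reflected-xss", "url": "https://app.example.test/profile?name=a", "param": "name", "severity": "medium"},
    {"rule": "missing-hsts", "url": "https://api.example.test/", "param": "", "severity": "low"},
    {"rule": "reflected-xss", "url": "https://cdn.thirdparty.test/w?cb=x", "param": "cb", "severity": "medium"},
]
RETEST = [
    {"rule": "reflected-xss", "url": "https://app.example.test/profile?name=zz", "param": "name", "severity": "medium"},
    {"rule": "open-redirect", "url": "https://app.example.test/login?next=/", "param": "next", "severity": "medium"},
]

def finding_key(f):
    """Identity of a finding: rule, host, path and parameter (query values are ignored)."""
    u = urlsplit(f["url"])
    return (f["rule"], u.hostname, u.path or "/", f["param"])

def in_scope(findings, scope_hosts):
    """Drop findings on hosts outside the agreed scope and de-duplicate by key."""
    kept = {}
    for f in findings:
        if urlsplit(f["url"]).hostname in scope_hosts:
            kept.setdefault(finding_key(f), f)
    return kept

def prioritise(findings):
    """Order findings by severity first, then by rule and URL for stable reports."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), f["rule"], f["url"]))

def compare_scans(baseline, retest, scope_hosts):
    """Classify in-scope findings as fixed, still open, or newly detected at retest."""
    before, after = in_scope(baseline, scope_hosts), in_scope(retest, scope_hosts)
    return {
        "fixed": prioritise(before[k] for k in before.keys() - after.keys()),
        "still_open": prioritise(after[k] for k in before.keys() & after.keys()),
        "new": prioritise(after[k] for k in after.keys() - before.keys()),
    }

if __name__ == "__main__":
    for status, items in compare_scans(BASELINE, RETEST, SCOPE_HOSTS).items():
        for f in items:
            print(f"{status:10} {f['severity']:8} {f['rule']:15} {f['url']}")
```

A finding counts as "fixed" here only because the retest did not report it again, so the comparison is meaningful only when the retest covered the same endpoints as the baseline scan.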
Overall, DAST is a critical component of any web application security program, and a service provider can provide valuable expertise and experience to ensure that the buyer's web applications are secure and protected from potential threats. By offering a comprehensive DAST service, Proactive Risk can help our customers to identify and mitigate potential security risks, and ultimately enhance the overall security and resilience of their web applications.

For more information about our CATSCAN service contact us

    Tom Brennan
