PROACTIVE RISK

GRAY BEARD BLOG

SHARING RANDOM THOUGHTS ON TECH

What is DAST?

2/18/2023

Dynamic Application Security Testing (DAST) is a type of security testing that evaluates the security of web applications while they are running. In the context of a service provider selling DAST to a buyer, the service would involve the following steps:
  1. Scope Definition: The service provider (Proactive Risk, as the example here) and the buyer would define the scope of the testing by identifying the web applications to be tested, the specific vulnerabilities to be tested for, and the desired level of testing coverage.
  2. Tool Selection: Proactive Risk would select the appropriate tools and technologies for the DAST service based on the scope of the testing. These tools would be used to automate the testing process and provide accurate and detailed results.
  3. Testing Execution: Once the scope and tools have been defined, the service provider would begin the testing process. This involves running the selected DAST tools against the web applications to identify potential vulnerabilities, such as SQL injection or cross-site scripting. A popular measurement is the OWASP Top 10 or OWASP ASVS.
  4. Vulnerability Analysis: After the testing has been completed, the service provider would analyze the results to determine which vulnerabilities were detected and the level of severity of each vulnerability. They would also prioritize vulnerabilities based on the level of risk they pose.
  5. Reporting: The service provider would create a report detailing the vulnerabilities identified during the testing process. This report would include a summary of the findings, detailed descriptions of each vulnerability, and recommendations for how to address each vulnerability.
  6. Remediation: Based on the results of the testing and the report provided by the service provider, the buyer would take steps to address the vulnerabilities. This might involve patching software, updating configurations, or modifying user permissions.
  7. Retesting: Once the vulnerabilities have been addressed, Proactive Risk will conduct a follow-up DAST service to confirm that the vulnerabilities have been successfully remediated.
Overall, DAST is a critical component of any web application security program, and a service provider can provide valuable expertise and experience to ensure that the buyer's web applications are secure and protected from potential threats. By offering a comprehensive DAST service, Proactive Risk can help our customers to identify and mitigate potential security risks, and ultimately enhance the overall security and resilience of their web applications.
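The analysis, reporting and retesting steps above (steps 4, 5 and 7) all work on the same thing: a list of findings produced by the scanner. The following script is an added example, not code from the original post or from Proactive Risk, and it uses no particular scanner's output format. It takes constructed sample findings in a generic shape, orders them by severity for the report, tallies them against an assumed OWASP Top 10 (2021) category mapping, and compares the initial scan with a follow-up scan to show which findings were remediated, which are still open, and which are new.

```python
"""Triage and retest comparison for DAST findings (constructed example)."""
from collections import Counter
from dataclasses import dataclass

# Severity ranking used to order the report, highest risk first.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Assumed mapping from vulnerability class to an OWASP Top 10 (2021) category.
# The class names on the left are invented labels for this example.
OWASP_CATEGORY = {
    "sql_injection": "A03:2021 Injection",
    "xss": "A03:2021 Injection",
    "missing_security_headers": "A05:2021 Security Misconfiguration",
    "outdated_component": "A06:2021 Vulnerable and Outdated Components",
}


@dataclass(frozen=True)
class Finding:
    url: str
    parameter: str
    vuln_class: str
    severity: str

    def key(self):
        # Identity of a finding across scans: same location and same class.
        # Severity is deliberately excluded so a re-rated finding still matches.
        return (self.url, self.parameter, self.vuln_class)


def prioritize(findings):
    """Order findings highest severity first; ties broken by URL and parameter."""
    return sorted(findings,
                  key=lambda f: (-SEVERITY_RANK[f.severity], f.url, f.parameter))


def summarize(findings):
    """Count findings per severity and per OWASP category for the report summary."""
    by_sev = Counter(f.severity for f in findings)
    by_cat = Counter(OWASP_CATEGORY.get(f.vuln_class, "Uncategorized")
                     for f in findings)
    return {"by_severity": dict(by_sev), "by_category": dict(by_cat)}


def compare_retest(baseline, retest):
    """Classify findings after remediation as remediated, still open, or new.

    A finding is 'remediated' if it was in the baseline scan but is absent from
    the retest; 'still_open' if present in both; 'new' if only in the retest.
    """
    base = {f.key(): f for f in baseline}
    new = {f.key(): f for f in retest}
    return {
        "remediated": prioritize(base[k] for k in base.keys() - new.keys()),
        "still_open": prioritize(new[k] for k in base.keys() & new.keys()),
        "new": prioritize(new[k] for k in new.keys() - base.keys()),
    }


def render_report(findings):
    """One line per finding, in priority order, for the written report."""
    lines = []
    for f in prioritize(findings):
        cat = OWASP_CATEGORY.get(f.vuln_class, "Uncategorized")
        lines.append(f"[{f.severity.upper()}] {cat}: {f.vuln_class} "
                     f"at {f.url} (parameter: {f.parameter})")
    return "\n".join(lines)


# Constructed sample data: the initial scan and the follow-up scan after fixes.
BASELINE = [
    Finding("https://app.example/login", "username", "sql_injection", "critical"),
    Finding("https://app.example/search", "q", "xss", "high"),
    Finding("https://app.example/", "-", "missing_security_headers", "low"),
]
RETEST = [
    Finding("https://app.example/search", "q", "xss", "high"),       # not fixed
    Finding("https://app.example/profile", "bio", "xss", "medium"),  # introduced
]

if __name__ == "__main__":
    print(render_report(BASELINE))
    print(summarize(BASELINE))
    for status, items in compare_retest(BASELINE, RETEST).items():
        print(status, [i.key() for i in items])
```

The retest comparison is keyed on location and vulnerability class rather than on the scanner's own finding identifier, because most tools regenerate identifiers on every run; keying on the stable attributes is what lets the follow-up scan confirm remediation of a specific finding rather than just report a changed total.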

For more information about our CATSCAN service, contact us.

    Tom Brennan

    This is my blog, there are many like it but this one is mine. Enjoy.


Contact Info

Proactive Risk Inc.
Tel: +1 (973) 298-1160
Web: www.proactiverisk.com
eMail: sales(at)proactiverisk.com

© COPYRIGHT 2023. ALL RIGHTS RESERVED.