Dynamic scanning tools are used in penetration testing. Implementing security testing early in the development process, with a focus on understanding vulnerabilities and risks, is crucial for creating a successful security testing solution.
Imagine testing an application’s security without knowing its internal workings or having access to its source code. That’s exactly what Dynamic Application Security Testing, or DAST, does. DAST is a black-box approach that examines the application from the outside in – while it’s running. It simulates a malicious attacker. The goal is to find potential issues that attackers can use to compromise an application.Β
Scott Moore interviews Nuno Loureiro (the CEO from Probely) on this topic.
Key insights on Dynamic Scanning
π‘οΈ The static tool analyzes the code and needs access to the code, while the dynamic tool crawls the application and injects malicious payloads to trigger vulnerabilities.
π» Having a development background is critical for an AppSec engineer to understand vulnerabilities and risks.
π οΈ Implementing testing early on in development phases is crucial, as it is easier to fix vulnerabilities at that stage than in production.
π€ AI has the potential to provide more context and improve the testing of applications in the future.
π΅οΈββοΈ “You can only test what you can see, so if your scanner doesn’t find a section of the application, it’s not going to be tested and vulnerabilities won’t be found.”
π Visualization is crucial in security testing to filter out unnecessary information and highlight the real vulnerabilities.
Sponsors
π₯ Like and Subscribe π₯
The Security Champions show is sponsored by:
π Saltworks Security βΊ https://saltworks.io/
Make sure to visit them and tell them βThank Youβ for making this show possible.
Want to support the show? Buy Me A Coffee! https://bit.ly/3NadcPK
Connect with me π
TWITTER βΊ https://bit.ly/3HmWF8d
LINKEDIN COMPANY βΊ https://bit.ly/3kICS9g
LINKEDIN PROFILE βΊ https://bit.ly/30Eshp7
π Links:
- Scott Moore Consulting: https://scottmoore.consulting
- Perftour Website: https://theperformancetour.com
- SMC Journal: https://smcjournal.com
- DevOps Driving: https://devopsdriving.com
- Security Champions https://thesecuritychampions.com