Dynamic scanning tools are used in penetration testing. Implementing security testing early in the development process, with a focus on understanding vulnerabilities and risks, is crucial for creating a successful security testing solution.

Imagine testing an application’s security without knowing its internal workings or having access to its source code. That’s exactly what Dynamic Application Security Testing, or DAST, does. DAST is a black-box approach that examines the application from the outside in – while it’s running. It simulates a malicious attacker. The goal is to find potential issues that attackers can use to compromise an application.Β 

Scott Moore interviews Nuno Loureiro (the CEO from Probely) on this topic.

Key insights on Dynamic Scanning

πŸ›‘οΈ The static tool analyzes the code and needs access to the code, while the dynamic tool crawls the application and injects malicious payloads to trigger vulnerabilities.
πŸ’» Having a development background is critical for an AppSec engineer to understand vulnerabilities and risks.
πŸ› οΈ Implementing testing early on in development phases is crucial, as it is easier to fix vulnerabilities at that stage than in production.
πŸ€– AI has the potential to provide more context and improve the testing of applications in the future.
πŸ•΅οΈβ€β™‚οΈ “You can only test what you can see, so if your scanner doesn’t find a section of the application, it’s not going to be tested and vulnerabilities won’t be found.”
πŸ“Š Visualization is crucial in security testing to filter out unnecessary information and highlight the real vulnerabilities.


πŸ”₯ Like and Subscribe πŸ”₯

The Security Champions show is sponsored by:

πŸ’™ Saltworks Security β–Ί https://saltworks.io/

Make sure to visit them and tell them β€œThank You” for making this show possible.

Want to support the show? Buy Me A Coffee! https://bit.ly/3NadcPK

Connect with me πŸ‘‹
TWITTER β–Ί https://bit.ly/3HmWF8d
LINKEDIN COMPANY β–Ί https://bit.ly/3kICS9g
LINKEDIN PROFILE β–Ί https://bit.ly/30Eshp7

πŸ”— Links: