Dynamic Analysis

About

Dynamic Application Security Testing (DAST) is another testing method that uses a black-box approach, assuming the testers don’t have access or knowledge of the application’s source code or its inner functionality. They test the application from outside using the available outputs and inputs [1].

Lists

Analysis Tools (web): curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.

Popular products and solutions

Veracode

Veracode offers intelligent software security to continuously find and fix flaws at every stage of the modern software development lifecycle.

Pricing

• Demo must be requested...

More info: veracode.com/contact-us

Solutions/Products:

• Veracode Dynamic Analysis: Scan hundreds of web applications and APIs simultaneously. Leverage a dynamic analysis tool with a low false-positive rate to make it easy for security and development teams to understand what matters most. Empower the Team.

• Other solutions/products & services can be found in the official page.

Official page: veracode.com/

invicti

invicti is a well-known enterprise with a "Application Security Testing" product that provides "Application security with zero noise".

Pricing

• Free trial

• Other paid plans (Pro and Enterprise)

More info: invicti.com/plans/

Solutions/Products

• invicti (cloud or on-premises):

  • Automate security throughout your SDLC

  • See the complete picture of your app security

  • Find the vulnerabilities other tools miss

  • Manage risk like a team 10x your size

  • Prevent vulnerabilities by producing more secure code

  • Seamlessly integrate with your current systems

Official page: invicti.com

Probely

Probely is a well-known enterprise with a "Web application and API vulnerability scanner" product for several purposes.

Pricing

• Free "lite plan"

• Other paid plans (Pro and Enterprise)

More info: probely.com/pricing/

Solutions/Products

• Probely:

  • Web Application Vulnerability Scanner

  • API Vulnerability Scanner

  • DevOps-Centric

  • Relevant Findings

  • CI/CD Integration

  • Compliance: PCI-DSS, OWASP TOP 10, ISO27001, HIPAA, and GDPR standards

  • Next-Generation Spider

Official page: probely.com/

HCL AppScan

AppScan from HCL is a market-leading application security solutions (SAST, DAST, IAST, SCA, API).

Pricing

• Free trial

• Request a demo or talk with sales...

More info: hcltechsw.com/appscan/contact-us

Solutions/Products

• AppScan on Cloud:

  • A comprehensive, cloud-based application security solution that provides the speed and accuracy of AppScan in a powerful, easy to consume service.

• AppScan Enterprise:

  • Perform large scale application scanning, mitigate vulnerabilities, and achieve regulatory compliance.

• AppScan Standard:

  • Identify, understand and remediate application vulnerabilities.

• AppScan Source:

  • Identify and remediate security vulnerabilities early in the development cycle using static application security testing.

Official page: hcltechsw.com/appscan

Synopsis WhiteHat Dynamic

WhiteHat Dynamic from Synopsys is part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10.

Pricing

• Request a demo or talk with sales...

More info: probely.com/pricing/

• Demo: https://www.synopsys.com/software-integrity/security-testing/dast/demo.html

• Sales: https://www.synopsys.com/software-integrity/security-testing/dast/get-pricing.html

Solutions/Products

• WhiteHat Dynamic:

  • Verify coverage of the OWASP Top 10

  • Get verified and actionable results with near-zero false positives

  • Find the vulnerabilities in your applications

  • Cloud-based

  • Production safe

  • Always on

  • Powered by AI

Official page: https://www.synopsys.com/software-integrity/security-testing/dast.html

Other Tools / Solutions / Products

• Acunetix (by invicti): Acunetix is a web vulnerability solution for securing your websites, web applications, and APIs.

• Fortify DAST (by opentext): Integrated dynamic application security testing (DAST) tools with the breadth of coverage needed to support modern applications.

• Qualys SSL Labs Scan (web): A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

• Selefra (web): open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

• Palo Alto Networks - Prisma Cloud: Cloud-Native Application Protection Platform (CNAPP). Secures applications from code to cloud, enabling security and DevOps teams to effectively collaborate to accelerate secure cloud-native application development and deployment.

• Security Headers (web): quickly and easily assess the security of your HTTP response headers.

• PortSwigger Burp Suite:

  • Community Edition

  • Professional Edition

  • Enterprise Edition

• OWASP Zed Attack Proxy (ZAP) (web): one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers.

• ClickJacker - Clickjacking tool: tests, quick PoCs, tutorials and docs about clickjacking.

• Mass HTTP: Visual Attack Surface & HTTP Probe on your fingertips.

• Imperva Automatic API Attack Tool (⚠️): customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.

• Gauntlt (web) (⚠️): a ruggedization framework that embodies the principle "be mean to your code".

• Netz (⚠️): discover internet-wide misconfigurations. Verify your assets are not blindly open.

Sources

• [1]: SAST vs DAST: What's Better for Application Security Testing? - Geekflare