Dynamic Application Security Testing
GPTKB entity
Statements (50)
Predicate | Object |
---|---|
gptkbp:instanceOf | security testing methodology |
gptkbp:abbreviation | gptkb:DAST |
gptkbp:analyzes | applications in real-time |
gptkbp:canAutomate | yes |
gptkbp:category | black-box testing |
gptkbp:compatibleWith | access to source code |
gptkbp:complement | gptkb:Static_Application_Security_Testing, gptkb:Interactive_Application_Security_Testing |
gptkbp:detects | gptkb:cross-site_scripting, SQL injection, authentication issues, authorization issues, runtime vulnerabilities, server misconfigurations |
gptkbp:focusesOn | identifying vulnerabilities in running applications |
gptkbp:goal | find vulnerabilities before deployment |
https://www.w3.org/2000/01/rdf-schema#label | Dynamic Application Security Testing |
gptkbp:integratesWith | CI/CD pipelines |
gptkbp:limitation | may generate false positives, may miss business logic flaws, requires running application |
gptkbp:notableTool | gptkb:Burp_Suite, gptkb:AppScan, gptkb:OWASP_ZAP, gptkb:Acunetix, gptkb:Netsparker |
gptkbp:output | security reports, vulnerability findings |
gptkbp:partOf | software development lifecycle |
gptkbp:performedAt | application runtime |
gptkbp:performedBy | security professionals, automated tools |
gptkbp:recognizedBy | security misconfigurations, improper error handling, exposed sensitive data, insecure communications |
gptkbp:relatedStandard | gptkb:OWASP, gptkb:NIST |
gptkbp:requires | test environment, deployed application |
gptkbp:scope | network communications, external interfaces, user inputs |
gptkbp:usedBy | gptkb:DevSecOps_teams, QA teams, penetration testers |
gptkbp:usedFor | web application security, API security |
gptkbp:bfsParent | gptkb:File_Inclusion_Attacks |
gptkbp:bfsLayer | 5 |