Dynamic Application Security Testing
GPTKB entity
Statements (51)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:security_testing_methodology |
| gptkbp:abbreviation | gptkb:DAST |
| gptkbp:analyzes | applications in real-time |
| gptkbp:canAutomate | yes |
| gptkbp:category | black-box testing |
| gptkbp:compatibleWith | access to source code |
| gptkbp:complement | gptkb:Static_Application_Security_Testing, gptkb:Interactive_Application_Security_Testing |
| gptkbp:detects | gptkb:cross-site_scripting, SQL injection, authentication issues, authorization issues, runtime vulnerabilities, server misconfigurations |
| gptkbp:focusesOn | identifying vulnerabilities in running applications |
| gptkbp:goal | find vulnerabilities before deployment |
| gptkbp:integratesWith | CI/CD pipelines |
| gptkbp:limitation | may generate false positives, may miss business logic flaws, requires running application |
| gptkbp:notableTool | gptkb:Burp_Suite, gptkb:AppScan, gptkb:OWASP_ZAP, gptkb:Acunetix, gptkb:Netsparker |
| gptkbp:output | security reports, vulnerability findings |
| gptkbp:partOf | software development lifecycle |
| gptkbp:performedAt | application runtime |
| gptkbp:performedBy | security professionals, automated tools |
| gptkbp:recognizedBy | security misconfigurations, improper error handling, exposed sensitive data, insecure communications |
| gptkbp:relatedStandard | gptkb:OWASP, gptkb:NIST |
| gptkbp:requires | test environment, deployed application |
| gptkbp:scope | network communications, external interfaces, user inputs |
| gptkbp:usedBy | gptkb:DevSecOps_teams, QA teams, penetration testers |
| gptkbp:usedFor | web application security, API security |
| gptkbp:bfsParent | gptkb:DAST, gptkb:Static_Application_Security_Testing |
| gptkbp:bfsLayer | 6 |
| https://www.w3.org/2000/01/rdf-schema#label | Dynamic Application Security Testing |