General DAST Essentials scanner questions
This section describes the technical product terminology.
What is vulnerability scanning?
Vulnerability scanning allows the user to scan software for security vulnerabilities, either at the infrastructure level (for example, network or host level) or at the application level. DAST Essentials scans applications in an automated way that integrates easily into an agile development process.
The manual approach to security testing is called penetration testing. A person performs this service, which typically takes between 5 and 20 days depending on the scope of the test. Manual penetration tests often require a specific setup for each engagement and fit poorly with agile release cadences. However, manual pentesters can find individual application-specific flaws and cover more OWASP categories, such as Broken Access Control. Insufficient Logging and Monitoring, in turn, can only be assessed through an internal review of the organisation's processes and tools, not by an external scan or pentest.
What does a vulnerability scanner do?
A vulnerability scanner first identifies possible attack vectors in the web application or API (for example, the URLs, forms and parameters it can reach) and then checks whether those attack vectors can actually be exploited.
Vulnerability scanning can be run on a non-invasive or an invasive basis. Run invasive scans only in non-production environments, so that live applications and their data are not harmed. For a complete list of scanners, see list of current scanners.
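The two phases above, and the difference between a non-invasive and an invasive check, in a minimal form. This is an added example and not DAST Essentials code: it starts a constructed target application on localhost (a search form that reflects its `q` parameter into the page unescaped), discovers the form and its parameters as attack vectors, runs a passive header check that sends nothing beyond the page fetch, and, only when invasive mode is requested, submits a marker payload and verifies whether it comes back unencoded. The header names checked and the marker string are the example's own choices.

```python
import threading
import urllib.parse
import urllib.request
from html.parser import HTMLParser
from http.server import BaseHTTPRequestHandler, HTTPServer


class _TargetApp(BaseHTTPRequestHandler):
    """Constructed target for the example: one GET form whose input is reflected unescaped."""

    def do_GET(self):
        query = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        q = query.get("q", [""])[0]
        body = ('<html><body><form action="/search" method="get">'
                '<input name="q"><input type="submit"></form>'
                f'<p>Results for: {q}</p></body></html>').encode()  # no HTML escaping: the flaw
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def start_target():
    """Serve the constructed app on a free local port; returns (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), _TargetApp)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}/"


class _FormParser(HTMLParser):
    """Phase 1 (discovery): collect forms and their input names as candidate attack vectors."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._cur = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action", ""), "method": a.get("method", "get").lower(), "inputs": []}
        elif tag == "input" and self._cur is not None and a.get("name"):
            self._cur["inputs"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None


def fetch(url):
    with urllib.request.urlopen(url, timeout=5) as r:
        return r.status, r.headers, r.read().decode(errors="replace")


def passive_checks(headers):
    """Non-invasive: inspect the response we already have; no extra requests, no payloads."""
    wanted = ("Content-Security-Policy", "X-Content-Type-Options", "Strict-Transport-Security")
    return [f"missing header: {h}" for h in wanted if h not in headers]


def active_checks(base_url, forms):
    """Phase 2 (verification), invasive: submit a marker and check whether it is reflected unencoded.
    The marker contains characters a correctly escaping app would turn into entities, so seeing it
    verbatim in the body confirms the vector is exploitable rather than merely present."""
    marker = "dastchk<\"'>"
    findings = []
    for form in forms:
        if form["method"] != "get":
            continue
        for name in form["inputs"]:
            url = urllib.parse.urljoin(base_url, form["action"]) + "?" + urllib.parse.urlencode({name: marker})
            _, _, body = fetch(url)
            if marker in body:
                findings.append(f"reflected input without encoding: {form['action']} param {name}")
    return findings


def scan(base_url, invasive=False):
    """Fetch the start page, discover vectors, run passive checks, and active checks only if allowed."""
    _, headers, body = fetch(base_url)
    parser = _FormParser()
    parser.feed(body)
    findings = passive_checks(headers)
    if invasive:
        findings += active_checks(base_url, parser.forms)
    return findings


if __name__ == "__main__":
    server, base = start_target()
    print("non-invasive:", scan(base, invasive=False))
    print("invasive:    ", scan(base, invasive=True))
    server.shutdown()
```

The non-invasive run reports only the missing response headers; the invasive run additionally confirms the reflected `q` parameter. A real scanner's active checks send far more than one marker per parameter, which is exactly why they belong in a non-production environment.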
Why do I need vulnerability scanning?
Vulnerability scanning provides several benefits:
- Ease of use: vulnerability scanners make it simple to set up a test without being a security expert.
- Results within seconds: because the scanners report results in real time and issue requests in parallel, the first findings are available within seconds of starting a scan.
- Integration into CI/CD toolchains: given the release frequency of agile development processes, it is vital that every release is tested for security vulnerabilities. That is only possible when security scans can be triggered and evaluated automatically.
- No repeat setup effort: unlike manual security testing, a vulnerability scan is configured once and then runs automatically against the current software version.
Is it difficult to set up a vulnerability scan?
No. You can set up a target within 2 minutes and get the first results within 5 minutes. Along with the first findings, you receive remediation advice for every issue found.