Dynamic Application Security Testing

Mimics the attack methods of malicious hackers

DAST uses penetration testing while web applications are running to simulate an attack by a skilled and motivated attacker.

High in quality, not in cost

We offer this cloud-based managed service through our global Assessment Centers to provide high-quality results that are immediately actionable while greatly reducing false positives. The Customer Assessment Centers also enable you to address occasional peak DAST workload without having to increase your staff. You’ll receive high quality, timely, and actionable assessment results every time.

We use the tools that are best for you (not for us)

Because we are tool-neutral, we’re able to hand-pick the tools that best fit your specific needs—from automated open source, proprietary, and commercial. Our security engineers use these best-in-breed tools to “attack” the target and uncover vulnerabilities in your software.

Choose from 2 depths of dynamic analysis

Essential DAST
A high-level security scan that uses automated tools to identify common vulnerabilities within running web applications or web services without the need for source code. This is ideal for internally facing, low-risk applications that must comply with regulatory security assessments.

Standard DAST
This provides in-depth testing that employs automated scanning and up to 30 different manual test cases customized for the technology platform and risk profile of each application. This is ideal for medium-risk applications and critical applications undergoing minor changes.

We attack the target to uncover hidden vulnerabilities.

We focus on actionable remediation

We offer a thorough analysis of results to provide more accurate findings and fewer false positives than automated scans alone. At the end of each assessment our experts will conduct a read-out call with the appropriate development/security team to review each vulnerability identified during the assessment, answer any questions that the team might have around each vulnerability, and discuss actionable mitigation and remediation strategies.

We’ll never leave you with a laundry list of vulnerabilities.

Our managed services approach includes:

DAST experts. You’ll benefit from our practical operational expertise gained from executing thousands of tests per year for some of the world’s most demanding clients. Plus, you get access to our security experts in our Customer Assessment Centers (CACs), widely respected for their skill and experience. It is our people that truly differentiate us from the competition.

DAST at scale. We help you implement, enhance, and scale a testing program that spans the breadth and depth of your application portfolio.

Remediation guidance. During a live read-out, our experts walk your developers and/or application stakeholders through our remediation guidance so you can fix what we find. We also provide additional on-demand support through our Remediation Help Desk.