What is web application security testing technology?

In order to find software vulnerabilities and defects , Make sure Web The application is secure before and after delivery , We need to make use of Web Apply security testing techniques to identify Web Weaknesses and vulnerabilities of the architecture in the application , And before hackers can find and use them .  

Web After years of development, applied security testing technology , At present, the commonly used technologies in the industry are mainly divided into 3 Major categories .  

DAST：

Dynamic application security testing （Dynamic Application Security Testing） Technology analyzes the dynamic running state of an application in the test or run phase . It simulates hackers to attack applications dynamically , Analyze the response of the application , To determine the Web Whether the application is vulnerable .  

DAST It is a black box testing technology , Is currently the most widely used 、 Use the simplest one Web Apply security testing methods , Tools commonly used by safety engineers, such as AWVS、AppScan Waiting is based on DAST Principle products .

SAST：

Static application security testing （Static Application Security Testing） Technology usually analyzes the syntax of the application's source code or binary files in the coding phase 、 structure 、 The process 、 Interface to find the security vulnerabilities in the program code .

exceed 50% The security vulnerability of is caused by wrong coding , Developers generally lack safety development awareness and skills , Pay more attention to the realization of business functions . If you want to control vulnerabilities from the source, you need to develop a code detection mechanism ,SAST It is a kind of test plan to test the source code and find security vulnerabilities in the development stage .

IAST：

Interactive application security testing （Interactive Application Security Testing） yes 2012 year Gartner A new application security testing solution proposed by the company , Through agency 、VPN Or deploy on the server side Agent Program , collect 、 monitor Web Application runtime function execution 、 The data transfer , And interact with the scanner in real time , Efficient 、 Accurately identify security defects and vulnerabilities , At the same time, it can accurately determine the code file where the vulnerability lies 、 Row number 、 Functions and parameters .IAST Equivalent to DAST and SAST An interrelated runtime security detection technology combined with .

IAST Interactive application security testing technology is a hot new application security testing technology in recent years , Ever been Gartner The consulting company is listed as a leader in the field of network security Top 10 One of the technologies .IAST Integrated DAST and SAST The advantages of , The vulnerability detection rate is very high 、 False positives are extremely low , At the same time, you can locate API Interfaces and code snippets .