What is web application security testing technology?
2022-07-01 17:58:00 【Yisixun College】
To find software vulnerabilities and defects, and to make sure a Web application is secure both before and after delivery, we use Web application security testing techniques to identify weaknesses and vulnerabilities in the application's architecture before attackers can find and exploit them.
After years of development, the Web application security testing techniques commonly used in the industry fall into three major categories.
DAST:
Dynamic application security testing (Dynamic Application Security Testing) analyzes the dynamic running state of an application during the testing or running phase. It simulates an attacker by sending attack traffic to the running application and analyzes the application's responses to determine whether the Web application is vulnerable.
DAST is a black-box testing technique and is currently the most widely used and simplest Web application security testing method. Tools commonly used by security engineers, such as AWVS and AppScan, are products based on the DAST principle.
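As an added example (not part of the original article, and not the code of AWVS, AppScan or any other DAST product), the following Python script shows the DAST principle in miniature. It starts a constructed local web application with one page that HTML-escapes its query parameter and one that echoes it raw; a scanner that knows nothing about the source code then sends a harmless, unique marker string and judges each page purely by its response, the way a black-box tool does. The application, the routes, the marker value and the two checks are all assumptions made for this demo.

```python
import html
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Harmless, unique string the scanner looks for in responses. It contains the
# characters an HTML-escaping page must encode, so it only survives verbatim
# where user input is echoed without encoding. Constructed for this example.
MARKER = 'dastprobe7f3e<>"'


class DemoApp(BaseHTTPRequestHandler):
    """Constructed target application: /safe escapes the 'q' parameter and
    sends a Content-Security-Policy header; /unsafe echoes 'q' raw and sets
    no CSP header."""

    def do_GET(self):
        url = urllib.parse.urlparse(self.path)
        q = urllib.parse.parse_qs(url.query).get("q", [""])[0]
        if url.path == "/safe":
            body = f"<p>Results for {html.escape(q)}</p>"
        elif url.path == "/unsafe":
            body = f"<p>Results for {q}</p>"
        else:
            self.send_error(404)
            return
        data = body.encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        if url.path == "/safe":
            self.send_header("Content-Security-Policy", "default-src 'self'")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_app():
    """Serve DemoApp on a random loopback port in a background thread."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def analyze_response(body, headers):
    """Response-side logic of the scanner: no knowledge of the source, only
    of what came back. Returns a list of finding identifiers."""
    findings = []
    if MARKER in body:                      # input echoed without encoding
        findings.append("reflected-unescaped")
    if "content-security-policy" not in headers:
        findings.append("missing-csp")
    return findings


def probe(base_url, path):
    """Send the marker as the 'q' parameter of one page and analyze the reply."""
    url = f"{base_url}{path}?" + urllib.parse.urlencode({"q": MARKER})
    with urllib.request.urlopen(url, timeout=5) as resp:
        body = resp.read().decode()
        headers = {k.lower(): v for k, v in resp.getheaders()}
    return analyze_response(body, headers)


def scan(base_url, paths=("/safe", "/unsafe")):
    """Probe each path and map it to its findings."""
    return {p: probe(base_url, p) for p in paths}


if __name__ == "__main__":
    server, base = start_demo_app()
    try:
        for path, found in scan(base).items():
            print(path, found or "no findings")
    finally:
        server.shutdown()
```

The scanner never reads the application's code; it only correlates what it sent with what came back, which is exactly why a DAST tool is easy to run and why it cannot tell you which source line is responsible.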
SAST:
Static application security testing (Static Application Security Testing) usually analyzes the syntax, structure, control flow and interfaces of the application's source code or binaries during the coding phase in order to find security vulnerabilities in the program code.
More than 50% of security vulnerabilities are caused by faulty coding; developers generally lack security development awareness and skills and pay more attention to implementing business functions. Controlling vulnerabilities at the source therefore requires a code inspection mechanism, and SAST is a testing approach that examines the source code and finds security vulnerabilities during the development phase.
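As an added example (not part of the original article, and not the rule set of any real SAST product), the following Python script implements one syntax-level SAST rule: it parses source code into an abstract syntax tree and flags every call to a DB-API cursor's execute method whose query text is assembled at runtime from other values. The sample source it scans is constructed for the demo, as are the sink names and the set of string-building patterns the rule recognizes.

```python
import ast
import textwrap

# Constructed sample source for the demo (not from any real project): one
# parameterised query and three queries assembled from their input at runtime.
SAMPLE_SOURCE = textwrap.dedent('''
    def lookup(cursor, user_id):
        cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))

    def search(cursor, name):
        cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")

    def by_email(cursor, email):
        cursor.execute(f"SELECT * FROM users WHERE email = '{email}'")

    def by_age(cursor, age):
        cursor.execute("SELECT * FROM users WHERE age = %d" % age)
''')

# Method names treated as SQL sinks (DB-API 2.0 cursor methods).
SQL_SINKS = {"execute", "executemany"}


def _is_dynamic_string(node):
    """True when the expression builds a string at runtime from other values:
    an f-string with placeholders, '+' or '%' applied to a string, or str.format()."""
    if isinstance(node, ast.JoinedStr):
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True
    return False


class DynamicSqlFinder(ast.NodeVisitor):
    """Walks the syntax tree, tracking the enclosing function, and records every
    SQL sink whose first argument (the query text) is assembled at runtime."""

    def __init__(self):
        self.findings = []
        self._function = "<module>"

    def visit_FunctionDef(self, node):
        previous, self._function = self._function, node.name
        self.generic_visit(node)
        self._function = previous

    def visit_Call(self, node):
        func = node.func
        if (isinstance(func, ast.Attribute) and func.attr in SQL_SINKS
                and node.args and _is_dynamic_string(node.args[0])):
            self.findings.append((self._function, node.lineno))
        self.generic_visit(node)


def find_dynamic_sql(source):
    """Return [(enclosing_function, line_number), ...] for each finding.
    Like any syntax-level rule this is a heuristic: it does not prove the
    query is exploitable, only that data may be spliced into it. Line numbers
    are relative to the scanned source text."""
    finder = DynamicSqlFinder()
    finder.visit(ast.parse(source))
    return finder.findings


if __name__ == "__main__":
    for function, line in find_dynamic_sql(SAMPLE_SOURCE):
        print(f"line {line}: dynamic SQL in {function}()")
```

The rule reports three of the four functions and leaves lookup alone because its query is a constant with separate parameters. It works without running anything, which is what lets it run in the coding phase, and it also shows the usual SAST trade-off: a pattern match cannot tell whether the concatenated value is actually attacker-controlled, so findings still need review.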
IAST:
Interactive application security testing (Interactive Application Security Testing) is a new application security testing solution proposed by Gartner in 2012. By means of a proxy, a VPN or an agent program deployed on the server side, it collects and monitors function execution and data transfer while the Web application is running and interacts with the scanner in real time, identifying security defects and vulnerabilities efficiently and accurately; at the same time it can precisely determine the code file, line number, function and parameters where the vulnerability lies. IAST is effectively a runtime security detection technique that combines DAST and SAST.
IAST is a hot new application security testing technique in recent years, and has been listed by the consulting firm Gartner as one of the Top 10 technologies in the network security field. IAST integrates the advantages of DAST and SAST: its vulnerability detection rate is very high, its false positive rate is extremely low, and at the same time it can locate the API interface and the code snippet.
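As an added example (not part of the original article, and not the agent of any real IAST product), the following Python script shows the server-side agent idea in miniature: request data is marked as tainted at the entry point, a sink method is wrapped so that every call is observed at runtime, and when tainted data reaches the sink the agent records the calling file, line number, function and parameter, which is the information a SAST tool can give but a DAST tool cannot. The cursor class, the Tainted marker, the request handler and the sink name are assumptions constructed for the demo; a real agent propagates taint through far more operations than the concatenation handled here.

```python
import functools
import inspect


class Tainted(str):
    """A str subclass marking data that came from an untrusted source (constructed
    for the demo). Taint is propagated only through '+' here; real agents track
    it through slicing, formatting, encoding and many library calls."""

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))


class FakeCursor:
    """Stand-in for a DB-API cursor (constructed for the demo); records queries."""

    def __init__(self):
        self.executed = []

    def execute(self, query, params=None):
        self.executed.append((query, params))


# Findings collected by the agent while the application runs.
REPORTS = []


def instrument_sink(cls, method_name, arg_name):
    """Agent hook: replace cls.method_name with a wrapper that reports any call
    in which the named parameter carries tainted data, together with where in
    the application code the call was made."""
    original = getattr(cls, method_name)
    signature = inspect.signature(original)

    @functools.wraps(original)
    def wrapper(self, *args, **kwargs):
        bound = signature.bind(self, *args, **kwargs)
        value = bound.arguments.get(arg_name)
        if isinstance(value, Tainted):
            caller = inspect.stack()[1]  # frame 0 is this wrapper, frame 1 the app code
            REPORTS.append({
                "sink": f"{cls.__name__}.{method_name}",
                "parameter": arg_name,
                "file": caller.filename,
                "line": caller.lineno,
                "function": caller.function,
            })
        return original(self, *args, **kwargs)

    setattr(cls, method_name, wrapper)


# The agent installs its hook once, before the application handles traffic.
instrument_sink(FakeCursor, "execute", "query")


# Application code under test (constructed): one safe path, one unsafe path.
def search_safe(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))


def search_unsafe(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")


def handle_request(params):
    """Simulated request handler. Values taken from the request are marked
    tainted at the entry point, as an agent would do for real request data.
    Returns the reports produced while handling this request."""
    REPORTS.clear()
    cursor = FakeCursor()
    name = Tainted(params["name"])
    search_safe(cursor, name)
    search_unsafe(cursor, name)
    return list(REPORTS)


if __name__ == "__main__":
    for report in handle_request({"name": "alice"}):
        print(f"{report['file']}:{report['line']} in {report['function']}(): "
              f"tainted data reached {report['sink']} parameter '{report['parameter']}'")
```

Only search_unsafe is reported: in search_safe the tainted value travels in the params tuple, not in the query text, so the sink sees a constant query. Because the agent observes the real call, it can name the exact function and line, and it only reports data flows that actually happened, which is where the high detection rate and low false-positive rate described above come from.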