In today’s world of complex, modern web applications, accurate and automated Dynamic Application Security Testing (DAST) tools are rare, but do exist. What characteristics should you look for in a DAST tool to give you greater accuracy and ease of use? We’ve put together the 15 key features and capabilities to consider for security buyers looking to adopt or migrate to a DAST solution.
To help you cover all your bases, we’ve also included some questions and techniques you can leverage to get the most out of your evaluation period. So, let's get started (no form required).
The 15 Requirements for DAST Solution Buyers:
1. Coverage of Modern Web Technologies
2. Future-Proof Strategy
3. Quick Start Capabilities
4. Architecture and Scalability that Meets Your Needs
5. Authentication and Session Management
6. Customer Support and Customization
7. Sophisticated Attack Techniques
8. Redundant False Positive Checking
9. Relevant Data Input
10. Inclusion of Every Parameter on Every Page
11. Scan Scheduling and Blackout Periods
12. Interactive and Usable Reporting
13. Attack Replay
14. Compliance Reporting
15. Custom Mobile Applications
Manage a more advanced application security program? Already adopted DevSecOps?
We’ve included a few other considerations that will not only improve the effectiveness of your DAST solution, but also its ability to fold seamlessly into the workflows of your development counterparts: 1. Continuous Integration (CI) and 2. WAF/IPS Linking with Custom Rules and Quick Re-Test.