While next-generation DAST tools are far better than their traditional counterparts at scanning web applications and APIs for vulnerabilities, they aren’t perfect. This piece details the key features to look for in a DAST tool and offers recommendations for choosing the right tool for your environment.
DAST tools were originally designed to crawl and scan web applications using HTML form-based requests. However, web applications today are breaking up into single-page applications (SPAs) and hundreds (or thousands) of microservice endpoints. Traditional DAST tools struggled to make the transition, which requires parsing the SPA’s endpoints, discovering parameters and invoking the scanner. In recent years, these tools have been reinvented with new capabilities to overcome these challenges,
Next-generation DAST tools are designed specifically to uncover vulnerabilities in today’s web applications and APIs. However, some are difficult to configure, lack automation capabilities, fail to integrate with other tools, produce false positives and cannot crawl SPAs. To ensure the tool you use works as expected: