FAQ
WHAT CHECKS ARE PERFORMED IN A SCAN?WHAT CHECKS ARE PERFORMED IN A SCAN?
Minimum checks will include the most current Open Web Application Security Project (OWASP) Top 10 Application Security Risks.
-
Injection
-
Broken Authentication
-
Sensitive Data Exposure
-
XML External Entities
-
Broken Access Control
-
Security Misconfiguration
-
Cross-Site Scripting
-
Insecure Deserialization
-
Using Components with known vulnerabilities
-
Insufficient Logging and Monitoring
HOW DOES A DAST SCAN RESULTS LOOK LIKE?HOW DOES A DAST SCAN RESULTS LOOK LIKE?
Figure - Vulnerabilities example on a DAST scan
HOW IS THE ATTACK SURFACE DETERMINED?HOW IS THE ATTACK SURFACE DETERMINED?
Based on the requests collected by the scan tool, an attack surface will be determined such as constant ids, id passing as part of URL, tokens, methods, and so on.
HOW ARE DIFFERENT ENDPOINTS IDENTIFIED? HOW ARE DIFFERENT ENDPOINTS IDENTIFIED?
A Scan identifies web app endpoints by parsing routes and identifying parameters. For example, if the main page is http://localhost:8080 the scan tool will scan through all routes accessible from the main page.
WILL THE SCAN TOOL DETECT A BAD IMPLEMENTATION FROM HANDWRITTEN CODE?WILL THE SCAN TOOL DETECT A BAD IMPLEMENTATION FROM HANDWRITTEN CODE?
The scan detects all common vulnerabilities and most of those can be simulated in an application. For example, SQL Injection is something that can be easily simulated in the code and users can validate if a scan detected it.
HOW CAN I SCAN AN APPLICATION HOSTED ON MY MACHINE?HOW CAN I SCAN AN APPLICATION HOSTED ON MY MACHINE?
Scans are run in a Docker container so as long as the container can access the host machine user can execute the scan. For example, if a user would like to execute a scan on a local application running on a mac on port 8080, you could use URL as http://docker.for.mac.localhost:8080