With the Dynamic Reviewer Light-PenTest module, you can inspect your web application while it is running, directly from your browser.

...

You can import results from third-party Security Scanners. They will be correlated automatically.

Dynamic Reviewer DAST provides a robust and stable framework for Web Application Security Testing, suitable for all Security Analysts, QA and Developers with False Positives and False Negatives support. It is built over an optimum mix of Manual and Automated Testing and allows designing customised penetration tests, offering an easy-to-use GUI and advanced Scan capabilities.

...

Note that these are examples of the alerts raised - many rules include different details depending on the exact problem encountered.

Active vs. Passive Scans

Passive scans review all HTTP requests and responses from the application, looking for indicators of security vulnerabilities. These scans do not change anything about the requests. Active scans, on the other hand, will create and modify requests being sent to the application, sending test requests that will surface vulnerabilities that would not be caught in a passive scan.

Active scans are definitely a better way to test for vulnerabilities in your application, as the test suite injects requests that will surface vulnerabilities. These scans are, however, actively attempting to attack the application, which may include creating or deleting data.

While passive scans are low risk, they also will not catch many potential vulnerabilities. By nature, these tests do not test for the most aggressive vulnerabilities, such as SQL Injection.

DOM Security Issues

The DOM Security Issues found by Dynamic Reviewer are:

...

DISCLAIMER: Because we make use of open source components (w3af, pWeb, dradis, wXf, OSVDB), we do not sell the product, but we offer a yearly subscription-based Commercial Support to selected Customers, plus our Commercial Security Scanner.

COPYRIGHT (C) 2014-2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.