With the Dynamic Reviewer Safe-PenTest module, you can inspect your Web Application while it is running, directly from your browser, in a non-invasive way.

...

You can import third-party results from Security Scanners, Host Scanners and Proof-of-Exploits tools. Their results are correlated automatically and a unified Enterprise Report is generated.

Dynamic Reviewer DAST provides a robust and stable framework for Web Application Security Testing, suitable for all Security Analysts, QA and Developers with False Positives and False Negatives support, offering an easy-to-use Web GUI, Advanced Scan and Enterprise Reporting capabilities.

...

  • Black Box mode. It is placed in the role of the average hacker, with no internal knowledge of the target system. Testers using Dynamic Reviewer are not provided with any architecture diagrams or source code that is not publicly available. Dynamic Reviewer determines the vulnerabilities in a system that are exploitable from outside the network.
    This means that Black-Box penetration testing relies on dynamic analysis of currently running programs and systems within the target network.
    Dynamic Reviewer follows the OWASP Web Security Testing Guide, chapter 4. Web Application Security Testing.
    Further, Dynamic Reviewer analyzes the client-side code (Ajax, DOM, JavaScript, TypeScript, etc.) in depth, discovering the largest number of client-side vulnerabilities in the market.

  • White Box mode. It performs Authentication before starting the scan. It provides the following Login modes:

    • Form-Based Authentication: log in with a user and password through a Web form. You can configure more than one user; all of them will be tested.

    • JSON-Based Authentication: submit a JSON object with credentials

    • HTTP/NTLM Authentication: Basic, Digest and NTLM

    • Token-Based Authentication: you can modify the request headers to insert tokens

    • Script-Based Authentication: upload and execute a custom script used to login

...

The Penetration Testing process requires an extensive set of tools. These include network (Host Scanning) and vulnerability scanning software, tools that can launch specific attacks and exploits such as brute-force attacks or SQL injections, custom reporting and a unified dashboard.

...