Versions Compared

Old Version 150

changes.mady.by.user Laura Mandolini

Saved on

compared with

New Version 153

changes.mady.by.user Marco Security

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Dynamic Reviewer is made over 3 solutions: HAST (/wiki/spaces/KC/pages/1645674518), DAST and APM.

Table of Contents

DAST-Penetration Testing made easy

With Dynamic Reviewer Light-PenTest module, Security Reviewer becomes an hybrid solution. You can inspect your web application during running, directly from your Desktop, or using a Browser.

Table of Contents

DAST-Penetration Testing made easy

The following installation options are available:

  • Desktop for Windows, Linux or Mac. It is based on a re-engineered version of IronWasp, but using our own Core Engine, and offers additional professional features for Pen Testers, like deep discovery, plugin development console and HTTP Requests manipulation.

  • Web App on premise. It is based on Arachni Web UI, but using our own Core Engine. With Arachni we share also the Dispatcher Agent Infrastructure via Arachni-rpc protocol, and the results in AFR format.

  • Command Line Interface. It is our own multi-platform Core Engine, 100% written by us using Python and C++ and started by scratch in 2015, covering 200% more Security Checks than the market leaders

  • Cloud. Our Web App offered in an high-performance European or American Secured Cloud Infrastructure

...

Dynamic Reviewer DAST plugins based architecture provides an VB.NET, Python and Ruby Scripting Environment with API (Desktop version), with full access to all functionality of the tool, for creating precise Crawlers and Scanners, used by the Pen Testers to write their own fuzzers, create custom crafted request, analysis of logs, etc.

Dynamic Reviewer DAST provides a robust and stable framework for Web Application Security Testing, suitable for all Security Analysts, QA and Developers with False Positives and False Negatives support. It is designed for optimum mix of Manual and Automated Testing and allows designing customised penetration tests, offering an easy-to-use GUI and advanced scripting capabilities.

Best Performances

Scan-times using traditional tools can range between a few hours to a couple of weeks – maybe even more. This means that wasted time can easily pile up, even when we’re talking about mere milliseconds per request/response.

Dynamic Reviewer benefits from great network performance due to its asynchronous HTTP request/response model. In this case – and from a high-level perspective –, asynchronous I/O means that you can schedule operations in such a way that they appear like they’re happening at the same time, which in turn means higher efficiency and better bandwidth utilization.

It provides a high-performance environment for the tests that need to be executed while making adding new tests very easy. Thus, you can rest assured that the scan will be as fast as possible and performance will only be limited by your or the audited server’s physical resources.

Avoiding useless technical details, the gist is the following:

...

It provides the single point of contact that will contact its grid of Dispatch Servers (DispatchersAgents) with initial scan requests. The Dispatchers Agents then spawn a new Instance on that Server. At this point, the Web UI Clients will be able to communicate directly with the spawned Instance to configure it for the appropriate scanning jobs. When an Instance is done with its task, The Web UI Clients pull the data and store it, while the Instance simply goes away, returning the resources it consumed to the operating system for future Instances or other software tasks altogether. As we move into production testing, we can scale the deployment to span additional resources on other servers in our grid, and this will not only allow us to run multiple scans, but accommodate teams of users while consolidating the data gathered in a central database on the Web UI Client.

...

Configuration options include:

...

         Dynamic Reviewer DAST automatically Import Security Reviewer's Static Analysis the analyzed Web Application's directory and file lists, Attack Vectors and Exploits.

...

DISCLAIMER: Due we make use of opensource third-party componentscomponents (IronWasp by ANANT SHRIVASTAVA and Arachni Web UI by Tasos Laskos), we do not sell the product, but we offer a yearly subscription-based Commercial Support to selected Customers. 

COPYRIGHT (C) 2014-2021 2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.