On Demand Assessments

Dynamic Application Security Testing

Unlock security testing, vulnerability management, and tailored expertise.

Organizations are faced with rapidly expanding application portfolios, both in size and complexity. Securing applications against risk and vulnerabilities has become a business imperative, both to protect the business and to protect its customers.

Satius Security’s On-Demand Dynamic Application Testing offers a cost effective

OVERVIEW

Protect Applications throughout the Software Development Lifecycle

Applications must be protected across all phases of the Software Development Lifecycle (SDLC) to make a Software Security Assurance program successful. Application security begins when code is developed. Code is validated through testing and is continuously monitored once the application moves into production. Application security programs embedded throughout the SDLC have been proven to be the most cost-effective way to ensure policy execution, compliance, and ongoing enforcement.

Application Security Testing

Dynamic assessments complement Static Application Security Testing of source code because they identify vulnerabilities that can be detected only in a live or simulated production environment. Examples of vulnerabilities detected only through dynamic testing range from configuration-related vulnerabilities to sophisticated hacking techniques and specific attack vectors against an application’s business logic.

Value On Demand

Our DAST technologies support web applications, web services, and mobile-browser optimized applications. What makes Satius on Demand DAST assessments unique is that they integrate three essential components: WebInspect automated testing, manual analysis, and optional active IAST.

Realistic

Mimic real-world hacking techniques and attacks on targeted applications

Coverage

Provide comprehensive security analysis of complex web applications and web services

Comprehensive

Crawl the entire attack surface to find exploitable vulnerabilities

Remote

Can test internal applications through a site-to-site VPN or by whitelisting the on Demand official data centre IP addresses

Comprehensive Dynamic Application Security Assessment Approach

WebInspect

Our DAST technologies support web applications, web services, and mobile-browser optimized applications. What makes Fortify on Demand DAST assessments unique is that they integrate three essential components: Fortify WebInspect by OpenText automated testing, manual analysis, and optional active IAST.

Manual Analysis

Fortify on Demand works as an extension of your in-house application security team. We recognize the significant time and money your team has spent in developing new applications. Your business may have neither the time nor the in-house expertise to review extensive reports to validate scan coverage and remove false positives. Fortify on Demand, in its commitment to ensure actionable results, takes the extra step to manually review all initial dynamic scan results with its dedicated team of 150+ global security experts. This includes the isolation and the removal of false positives. Some of the tasks performed by the Fortify on Demand testing team include:

Our team can also manually analyze the target web application or web service for up to 8 hours using Fortify on Demand’s testing methodology to augment the WebInspect scan results with advanced, targeted penetration testing. Our experts conduct an in-depth examination of the application’s authentication scheme, session management, access control, and a review for logical flaws and faulty developer assumptions. They identify vulnerabilities that can only be detected through human intervention, including, but not limited to:

  • The ability to harvest user accounts
  • Bypassing multi-step authentication
  • Password reset flaws
  • Accessing other users’ data or sensitive content
  • Horizontal or vertical privilege escalation
  • Skipping key transaction steps such as shopping cart payments
  • Abuse of discount or business limit restrictions
  • Unique business logic flaws due to faulty developer assumptions

Active IAST

On-demand customers have the option of integrating an active IAST (Interactive Application Security Testing) Agent during the dynamic assessment process. The IAST Agent is installed on the application runtime server and automatically synchronizes with WebInspect during our on Demand dynamic assessment. Benefits of the IAST Agent include:

  • SAST: Static
  • DAST: Dynamic
  • IAST: Interactive

Ready for Cyber Resilience?

Learn more about how our Managed Service can help you achieve Cyber Resilience and be an extension of your team without breaking the budget.

We fully understand the challenges that SMBs and enterprises alike face in meeting security framework compliance and ensuring an optimal overall security posture.