Netsparker’s Sales Engineer, Jonathan Davis, strongly believes in the advantages brought on by versatile, modern dynamic tools. Those advantages extend far beyond the typical vulnerability scanning functionality and web application security.
In a recent Quartz Network presentation, Davis introduces the Netsparker IAST component, called Netsparker Shark, and shares his unique approach to DAST maximized by IAST.
IAST, which stands for Interactive Application Security Testing, is a cost-effective solution. Designed for web applications, it can interact with the running application in other tools, find security vulnerabilities, and pinpoint their location during security testing.
Davis discusses three types of IAST tools in his Quartz presentation:
- Passive IAST – provides the sensor that attaches to the application
- Active IAST or DAST-induced IAST – delivered by manufacturers of simple DAST scanners
- True IAST Solution – IAST working together with an advanced DAST tool, with all information available in a single tool
“With a true IAST approach, developers get a detailed report with all the information needed to fix the issue, showing how the vulnerability was safely exploited by the scanner, what impact it could have, how it can be fixed, and how to avoid it in the future,” Davis said.
Web Application Security Scanning with Netsparker
Netsparker Shark seamlessly integrates with existing workflows, making IAST implementation a breeze. With the integration, you can scan for vulnerabilities from early development stages and automatically assign the vulnerabilities to specific developers for a quick fix.
“Netsparker gives you a better understanding of your entire existing attack surface,” Davis explained.
Davis relies on Netsparker’s proof-based scanning to confirm issues as they arise and improve operational efficiencies. Netsparker keeps you informed with dashboards and trend charts tracking your current vulnerability status as well as your security and development teams’ progress.
Watch the presentation, Information Technology-Beyond DAST – A DAST First Tool with IAST Depth, for ways Netsparker can help you automate web vulnerability scanning and remediation.