Penetration Testing
Penetration testing is the process of hacking a system, with permission from the owner of that system, to evaluate its security, Hack Value, Target of Evaluation (TOE), attacks, exploits, zero-day vulnerabilities and other components such as threats, vulnerabilities, and daisy chaining. We perform penetration testing as per CERT-In guidelines.
Types of Penetration Testing
It is important to differentiate the three types of penetration testing, because a penetration tester may be asked to perform any of them.
Black Box
Black box is a type of penetration testing in which the pentester performs blind or double-blind testing, i.e. is provided with no prior knowledge of the system or any information about the target. Black box testing is designed to emulate the situation of an attacker, in order to counter an attack.
Grey Box
Grey box is a type of penetration testing in which the pentester has very limited prior knowledge of the system or of the target, such as IP addresses, operating system or network information. Grey box testing is designed to emulate a situation in which an insider might have this information, and to counter such an attack, as the pentester has basic, limited information regarding the target.
White Box
White box is a type of penetration testing in which the pentester has complete knowledge of the system and information about the target. This type of penetration testing is done by internal security teams or security audit teams to perform auditing.
Why DAST?
• Black/Grey-box security testing using automated tools; examines an application as it's running to find vulnerabilities that an attacker could exploit.
• SAST may not get the full picture without the application being deployed.
• DAST will help in picking out deployment-specific issues.
• Results from DAST and SAST can be compared to weed out false positives.
Web Application Pen Testing