The State of Auth
I set out to answer a few questions I had about the state of authentication in (open-source) DAST tools.
I wondered:
- What are the top open-source DAST tools?
  - I'm willing to consider things that aren't open-source if they have good free tiers.
- What does their documentation say about authentication on the site being tested?
- How does that guidance work in practice?
Background
OK, I have been assuming that you know what DAST is all this time! DAST stands for dynamic application security testing. With defense in depth in mind, DAST is one way (among several) to assess a running Web application for vulnerabilities.
Think of DAST as automating the process of browsing a Web site and checking for vulnerabilities that could be exploited.
- 👍 Automate boring things so you can do interesting things.
- 👎 It can only find what you can tell it to seek.
There's more to it than that but that ELI5 should be enough for our purposes.
Open Source DAST Tools
What tools are people using these days?
Authenticating with Various DAST Tools
https://www.acunetix.com/blog/docs/scanning-applications-with-single-sign-on-sso/
Testing DAST
How can we find or provision high-quality test targets?
It's really awesome that we have all of these tools, but:
- What do we target?
- What are we looking for?
- https://github.com/sectooladdict/wavsep
- https://github.com/0xUrbz/Reinforced-Wavsep
- http://sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html