Independent of the application Immediately finds vulnerabilities that could be exploited Does not require access to the source code

Does not find the exact location of a vulnerability in the code Security knowledge is needed to interpret reports Test can be time-consuming

Why is DAST Important?

DAST is important because developers don’t have to rely solely on their own knowledge when building applications. By conducting DAST during the SDLC, you can catch vulnerabilities in an application before it’s deployed to the public. If these vulnerabilities are left unchecked and the app is deployed as such, this could lead to a data breach, resulting in major financial loss and damage to your brand reputation. Human error will inevitably play a part at some point in the Software Development Life Cycle (SDLC), and the sooner a vulnerability is caught during the SDLC, the cheaper it is to fix. When DAST is included as part of the Continuous Integration/Continuous Development (CI/CD) pipeline, this is referred to as “Secure DevOps,” or “ DevSecOps .” Analysis of Fortify on Demand (FoD) vulnerability data shows that 94% of over 11,000 Web applications contained bugs in security features, while code quality and API abuse issues have roughly doubled over the past 4 years ( 2019 Micro Focus Application Security Risk Report ).

A DAST scanner searches for vulnerabilities in a running application and then sends automated alerts if it finds flaws that allow for attacks like SQL injections , Cross-Site Scripting (XSS) , and more. Since DAST tools are equipped to function in a dynamic environment, they can detect runtime flaws which SAST tools can’t identify. To use the example of a building, a DAST scanner can be thought of like a security guard. However, rather than just making sure the doors and windows are locked, this guard goes a step further by attempting to physically break into the building. The guard might try to pick the locks on the doors or break windows. After finishing this examination, the guard could report back to the building manager and provide an explanation of how he was able to break into the building. A DAST scanner can be thought of in this same way – it actively attempts to find vulnerabilities in a running environment so the DevOps team knows where and how to fix them.

What is a DAST tool that is well-suited for developers?

Micro Focus Fortify WebInspect provides automated dynamic application security testing so you can scan and fix exploitable web application vulnerabilities. Typically, DAST is done after production since it is emulating attacks on a running application; but by making the decision to “Shift DAST left” (moving DAST earlier in the process of development) you’re able to detect vulnerabilities sooner, which saves time and money. Fortify WebInspect includes pre-built scan policies, balancing the need for speed with your organizational requirements. Fortify WebInspect also includes an incremental scanning feature, which allows you to rapidly asses vulnerabilities in only the areas of the application that have changed. Fortify WebInspect allows you to: Secure DevOps with automated DAST Manage AppSec risk at scale Achieve compliance with major data security regulations Shift DAST left Crawl modern frameworks and APIs Build a stronger AppSec program

What is the difference between SAST and DAST?

DAST attacks the application from the “outside in” by attacking an application like a malicious user would. After a DAST scanner performs these attacks, it looks for results that are not part of the expected result set and identifies security vulnerabilities. SAST, on the other hand, analyzes static environments, meaning the source code of an application. It looks at the application from the “inside out,” searching for vulnerabilities in the code. To maximize the strength of your security posture, it’s a best practice to use both SAST and DAST. Having this unified taxonomy across testing methods enables you to have a complete view of vulnerabilities.

What is Dynamic Application Security Testing (DAST)

Q: What is Dynamic Application Security Testing (DAST)?

Dynamic Application Security Testing ( DAST ) is the process of analyzing a web application through the front-end to find vulnerabilities through simulated attacks. This type of approach evaluates the application from the “outside in” by attacking an application like a malicious user would. After a DAST scanner performs these attacks, it looks for results that are not part of the expected result set and identifies security vulnerabilities. Application development and testing continues to be the most challenging security process for organizations , according to IT security professionals. Developers need solutions to help them create secure code, and that is where Application Security (AppSec) tools come into play. AppSec is the discipline of processes, tools and practices aiming to protect applications from threats throughout the entire application lifecycle. There are many ways to test application security, including: Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Mobile Application Security Testing (MAST) Interactive Application Security Testing (IAST)

Analytics & Big Data
Analytics & Big Data

Analytics for business insights in a data driven world
- Vertica Advanced Analytics Platform
  The fastest, open, infrastructure-independent, advanced analytics SQL database
- Cognitive Search & Knowledge Discovery
  
  Cognitive Search & Knowledge Discovery
  
  Quickly attain key information with best-in-class cognitive search and discovery
  
  IDOL
  Securely access and analyze enterprise (and public) text, audio & video data
- Security Analytics
  
  Security Analytics
  
  Search and analysis to reduce the time to identify security threats
  
  ArcSight Recon
  An intuitive hunt and investigation solution that decreases security incidents
  
  ArcSight Interset
  User and entity behavioral analytics that augments existing security tools and empowers security operations teams to identify and respond to the threats that matter before data is stolen
- IT Operations Analytics
  
  IT Operations Analytics
  
  Leverage big data to optimize and make your IT processes more efficient
  
  Operations Bridge Suite
  Autonomous operations through a business lens
  
  IT Service Management Automation Suite
  Intelligent automation for service desk, configuration, and asset management
- Big Data Platform
  
  Big Data Platform
  
  Open, secure, high-performance platforms to build Big Data analytics stacks
  
  Vertica
  SQL analytics solution handling large amounts of data for big data analytics
  
  Voltage SecureData for Hadoop
  High-scale protection of sensitive data at rest, in motion, and in use across systems
Application Delivery Management

Application Delivery Management

Streamline your software factory to deliver better value faster and safer

ALM Octane
Optimize the flow of work for continuous quality and delivery

ALM/Quality Center
Govern quality with rigorous, auditable software lifecycle processes

UFT Family
Combine extensive technology support with AI-driven continuous functional testing

Dimensions CM
Enable all aspects of SCCM with enterprise grade scalability, security, and compliance

LoadRunner Family
Deliver high-performing applications with continuous performance engineering

Release Control
Plan, track, orchestrate, and release complex applications across any environment

Fortify
Find software security issues early and fix at the speed of DevOps

Deployment Automation
Automate deployments for continuous delivery with drag-and-drop simplicity

Project & Portfolio Management
Align corporate investments with business strategy

View All Products
Access a list of all products in application delivery management
Application Modernization & Connectivity
Application Modernization & Connectivity

Modernize Core Business Systems to Drive Business Transformation
- COBOL
  COBOL
  
  Build and modernize business applications using contemporary technology
  
  Develop & Deploy
  
  Develop & Deploy
  
  Modernize COBOL and PL/I business applications using state-of-the-art tools
  
  Visual COBOL
  Future-proof core COBOL business applications
  
  Extend / AcuCOBOL-GT
  Maintain and enhance ACUCOBOL-based applications
  
  AcuToWeb
  Deliver application access—anywhere
  
  NetExpress / Server Express
  Maintain and enhance COBOL systems
  
  RM/COBOL
  Maintain and enhance RM/COBOL applications
  
  Data Modernization
  
  Data Modernization
  
  Unlock the value of business application data
  
  Database Connectors
  Connect COBOL applications to relational database management systems
  
  Relativity
  Derive incremental value with real-time, relational access to COBOL data
  
  Acu-XDBC
  Unlock business value with real-time, relational access to ACUCOBOL data
  
  Acu-4GL
  Connect ACUCOBOL applications to relational database management systems
  
  Application Analysis
  
  Application Analysis
  
  COBOL Analyzer
  Automatically understand and analyze Micro Focus COBOL applications
  
  Agile & DevOps
  Build COBOL applications using Agile and DevOps practices
  
  Linux, Cloud & Containers
  Deploy COBOL applications across distributed, containerized or cloud platforms
  
  Application Rehosting
  Modernize core business system infrastructure to support future innovation
- Visual COBOL
- Mainframe
  Mainframe
  
  Modernize IBM mainframe applications, delivery processes, access and infrastructure
  
  Plan & Manage
  
  Plan & Manage
  
  Plan, manage and deliver Enterprise software with compliance and certainty
  
  Atlas
  Manage agile projects using a collaborative, flexible, requirements and delivery platform
  
  Dimensions RM
  Manage requirements with full end-to-end traceability of processes
  
  Analyze
  
  Analyze
  
  Understand, analyze, and extract critical mainframe COBOL application value
  
  Enterprise Analyzer
  Automatically understand and analyze IBM mainframe applications
  
  Enterprise View
  Capture, analyze, and measure the value, cost and risk of application portfolios
  
  Business Rule Manager
  Build packages of change artifacts to speed up mainframe application development
  
  Control
  
  Control
  
  Manage all aspects of change for robust, automated mainframe application delivery
  
  ChangeMan ZMF
  Build and manage packages of change artifacts to speed up mainframe application development
  
  (ChangeMan ZMF) Client Pack
  Provide multiple change management interfaces to maintain mainframe apps
  
  Develop
  
  Develop
  
  Build, modernize, and extend critical IBM mainframe systems
  
  Enterprise Developer
  Build and modernize IBM mainframe COBOL and PL/I applications
  
  Enterprise Sync
  Enable faster, efficient parallel development at scale
  
  Verastream
  Fuel mobile apps, cloud initiatives, process automation, and more
  
  StarTool FDM
  Manage mainframe files for fast problem resolution
  
  Test
  
  Test
  
  Accelerate IBM mainframe application testing cycles with a scalable, low-cost solution
  
  Enterprise Test Server
  Easily test mainframe application changes using flexible infrastructure
  
  Comparex
  Compare and manage mainframe data, text, and directory files
  
  Release
  
  Release
  
  Automate deployments and orchestrate the application release process to join teams
  
  Deployment Automation
  Connect Dev and Ops by automating the deployment pipeline and reduce feedback time
  
  Release Control
  Centralize planning and control for the entire software release lifecycle
  
  Solutions Business Manager
  Orchestrate and integrate processes for faster software development and delivery
  
  ChangeMan SSM
  Detect changes, synchronizes multiple environments, and restores failed systems
  
  Deploy
  
  Deploy
  
  Leverage modern Hybrid IT infrastructure to execute application workload in a fit-for-purpose model
  
  Enterprise Server
  Execute IBM mainframe COBOL and PL/I workload on Windows, Linux and the Cloud
  
  Enterprise Server for .NET
  Execute modernized IBM mainframe workloads under Microsoft .NET and Azure
- Host Connectivity
  Host Connectivity
  
  Modernize host application access: easier to use, easier to integrate, easier to manage, more secure
  
  Access
  
  Access
  
  Modernize application access across desktop, web, and mobile devices
  
  Reflection
  Modernize IBM, HP, and Unix application access across desktop and mobile devices
  
  Host Access for the Cloud
  Web-enable IBM and VT application desktop access, Java free
  
  InfoConnect
  Modernize Unisys mainframe application desktop access
  
  Rumba
  Modernize IBM, HP, and Unix application desktop access
  
  Extra!
  Automate IBM, HP, and Unix application desktop access
  
  Integrate
  
  Integrate
  
  Bring the value of host applications to new digital platforms with no-code/low-code modernization
  
  Verastream
  Create new applications and workflows with Web services and APIs for IBM, HP, and UNIX applications
  
  Databridge
  Fuel analytics platforms and BI applications with Unisys MCP DMSII data in real time
  
  Secure
  
  Secure
  
  Respond to new regulatory requirements for host application access and data protection
  
  Host Access Management & Security Server
  Centralize host access management with identity-powered access control and data security
  
  Reflection for Secure IT
  Modernize file transfer with security, encryption and automation, within and across the firewall
  
  Advanced Authentication Connector for z/OS
  Learn how Advanced Authentication Connector for z/OS is a multi-factor authentication for all your IBM z/OS end points
  
  Manage
  
  Manage
  
  Improve governance for host access software and infrastructure
  
  Host Access Analyzer
  Measure and manage terminal-based software deployment and usage
  
  Host Access Management & Security Server
  Centralize host access management with identity-powered access control and data security
- CORBA
  
  CORBA
  
  Attain interoperability of systems across the enterprise
  
  VisiBroker
  Develop and deploy applications with a comprehensive suite of CORBA products
  
  Orbix
  Build distributed applications at enterprise scale
  
  Orbacus
  Develop, deploy, and support CORBA 2.6 compliant middleware in C++ or Java
  
  OpenFusion
  Connect applications on diverse operating environments
Team Collaboration and Endpoint Management
Team Collaboration and Endpoint Management
- Collaboration
  
  Collaboration
  
  Build a productive, mobile workforce.
  
  Enterprise Messaging
  Email, IM, chat-based teamwork, anti-virus, anti-spam, disaster recovery, and more
  
  Filr
  Provides secure file access and sharing from any device
  
  GroupWise
  Provides secure email, calendaring, and task management for today's mobile world
  
  GroupWise Disaster Recovery
  Backup and disaster recovery solution that ensures critical email is always available
  
  Open Workgroup Suite
  Seven essential tools to build IT infrastructures, including secure file sharing
  
  Vibe
  Provides secure team collaboration with document management and workflow features
  
  Secure Messaging Gateway (GWAVA)
  Protect your network and messaging system from malware, viruses, and harmful content
- File and Print
  
  File and Print
  
  Delivering critical file, storage and print services to enterprises of all sizes
  
  Access Manager
  Provides single sign-on for enterprises and federation for cloud applications
  
  Advanced Authentication
  Protect your sensitive information more securely with multi-factor authentication
  
  File Management Suite for OES
  File Reporter and Storage Manager solution suite bundle
  
  File Reporter for OES
  File Reporter for OES examines OES network file systems and delivers intelligent file insights so you can make the most intelligent business decisions.
  
  Filr
  Provides secure file access and sharing from any device
  
  OES Business Continuity Clustering
  Protects your key business systems against downtime and disaster
  
  OES Cluster Services
  Simplifies resource management on a Storage Area Network and increases availability
  
  Open Enterprise Server
  File, print, and storage services perfect for mixed IT environments
- Unified Endpoint Management and Protection (UEMP)
  
  Unified Endpoint Management and Protection (UEMP)
  
  Connected MX
  Cloud-based endpoint backup solution with file sync and share, and analytics
  
  Desktop Containers
  Package, test, and deploy containerized Windows apps quickly and easily
  
  ZENworks Suite
  Seven integrated products to help track, manage and protect endpoint devices
  
  ZENworks Asset Management
  Provides reports that integrate licensing, installation and usage data
  
  ZENworks Configuration Management
  Provides automated endpoint management, software distribution, support, and more
  
  ZENworks Endpoint Security Management
  Delivers identity-based protection for devices and features total protection
  
  ZENworks Full Disk Encryption
  Proactive laptop and desktop data protection to automatically lock out threats
  
  ZENworks Patch Management
  Automates patch assessment and monitors patch compliance for security vulnerabilities
  
  ZENworks Service Desk
  Streamlines and automates the way you provide IT services to your business
Information Management & Governance
Information Management & Governance

Trusted, proven legal, compliance and privacy solutions
- Information Archiving
  
  Information Archiving
  
  Consolidate and govern information for legal, compliance, and mailbox management
  
  Digital Safe
  Cloud-based, scalable archiving for regulatory, legal, and investigative needs
  
  Retain Unified Archiving
  Archive all business communication for case assessment, search, and eDiscovery
  
  Supervisor
  Automate employee data and communication monitoring to meet regulatory compliance and internal initiatives
  
  Social Media Governance
  Mitigate risk across social media channels to meet regulatory compliance obligations
  
  Secure Messaging Gateway (GWAVA)
  Protect your network and messaging system from malware, viruses, and harmful content
- Secure Content Management
  
  Secure Content Management
  
  Securely meet regulatory, privacy, and jurisdictional retention requirements
  
  Content Manager
  Helping organizations meet data privacy regulatory guidelines through the management & disposition of data.
  
  File Dynamics
  Address the ever-changing needs of network data management
  
  ControlPoint
  File analysis to discover, classify and automate policy on unstructured data
  
  File Reporter
  Discover what is being stored and who has access
  
  Structured Data Manager
  Structured data archiving to retire outdated applications and reduce data footprint
  
  File Governance Suite
  Identity-driven governance of data & access
  
  Data Discovery
  SaaS-based file analysis on all of your unstructured data
- eDiscovery
  
  eDiscovery
  
  Identify, lock down, analyze, and prepare data for litigation and investigations
  
  eDiscovery
  Respond to litigation and investigations quickly, accurately, & cost-effectively
- Search & Analytics
  
  Search & Analytics
  
  Deliver information faster organization-wide with cognitive search and analytics
  
  IDOL
  Securely access and analyze enterprise (and public) text, audio & video data
- Data Backup and Restore
  
  Data Backup and Restore
  
  Secure backup and rapid restores for all structured and unstructured data to ensure business continuity
  
  Data Protector
  Backup and disaster recovery for diverse, dynamic, and distributed enterprise
IT Operations Management

IT Operations Management

Accelerate your IT Operations to the speed of DevOps

Data Center Automation
Automate provisioning, patching, and compliance across the data center

Universal Discovery & UCMDB
Discover and manage configuration items (CIs) in Hybrid IT environments.

Hybrid Cloud Management X
Simplify fulfillment automation and enforce governance

Network Operations Management
Automate and manage traditional, virtual, and software-defined networks

Operations Bridge
AIOps for Cloud Monitoring - Automated event and performance monitoring for multi-cloud and on-premises environments.

Operations Orchestration
Automate IT processes end-to-end

Robotic Process Automation
Build, secure, and scale automated business processes across the enterprise

Service Management Automation
Engaging end-user experience and efficient service desk based on machine learning

Asset Management X
Manage IT assets for improved costs
Security
Security

Security at the core to everything you do; Operations, Applications, Identity and Data
- Security Operations
  
  Security Operations
  
  Detect known and unknown threats through correlation, data ingestion and analytics
  
  ArcSight Enterprise Security Manager (ESM)
  A comprehensive threat detection, analysis, and compliance management SIEM solution
  
  ArcSight Recon
  An intelligent log management solution that eases compliance burdens and accelerates forensic investigation for security professionals
  
  ArcSight Logger
  A comprehensive log management solution for easier compliance, efficient log search, and secure cost-effective storage.
  
  ArcSight Marketplace
  Download and deploy pre-packaged content to dramatically save time and management
  
  Security Open Data Platform
  A future-ready data platform that transforms data chaos into security insight.
  
  ArcSight Intelligence
  User and entity behavioral analytics that augments existing security tools and empowers security operations teams to identify and respond to the threats that matter before data is stolen
  
  Sentinel
  A fully-featured, adaptable solution that simplifies the day-to-day use of SIEM
  
  ArcSight SOAR
  A comprehensive Security Orchestration Automation Response platform with cognitive automation, investigation service desk, process orchestration and SOC analytics.
- Data Privacy and Protection
  
  Data Privacy and Protection
  
  Encryption, tokenization and key management for data de-identification and privacy
  
  Data Discovery
  SaaS-based file analysis on all of your unstructured data
  
  Data Management
  Identify, analyze, and manage your data; then establish policies to protect your data properly and efficiently, in use and throughout its lifecycle, and ensure data preservation.
  
  Voltage SmartCipher
  Persistent file encryption, complete control, and visibility to simplify unstructured data security
  
  Voltage SecureData Enterprise
  Format-preserving encryption, tokenization, data masking, and key management
  
  Voltage SecureData for Payments
  Omni-channel PCI compliance and data protection for end-to-end payments security
  
  Voltage SecureMail On-Premises
  Email, file, and Office 365 protection for PII, PHI, and Intellectual Property
  
  Voltage SecureMail Cloud
  Saas cloud email encryption to protect information on Office 365
- Application Security
  
  Application Security
  
  Secure development, security testing, and continuous monitoring and protection
  
  Fortify Static Code Analyzer
  Identifies security vulnerabilities in source code early in software development
  
  Fortify WebInspect
  Provides comprehensive dynamic analysis of complex web applications and services
  
  Fortify Software Security Center
  Gain valuable insight with a centralized management repository for scan results
  
  Fortify on Demand
  Manage your entire application security program from one interface
- Identity & Access Management
  Identity & Access Management
  
  An integrated approach to Identity and Access Management
  
  Identity Governance & Administration
  
  Identity Governance & Administration
  
  A comprehensive identity management and governance solution that spans across the infrastructure
  
  Data Access Governance
  Provisions and governs access to unstructured data
  
  NetIQ eDirectory
  Provides an LDAP directory with incredible scalability and an agile platform
  
  NetIQ Identity Governance
  Provides automated user access review and recertification to remain compliant
  
  NetIQ Identity Manager
  Delivers an intelligent identity management framework to service your enterprise
  
  Access Management
  
  Access Management
  
  Consistently enforce access rights across your business environment
  
  NetIQ Access Manager
  Provides single sign-on for enterprises and federation for cloud applications
  
  NetIQ Advanced Authentication
  Move beyond username and passwords and securely protect data and applications
  
  Advanced Authentication Connector for z/OS
  Multi-factor Authentication for all your IBM z/OS end points
  
  Host Access Management & Security Server
  Integrate the host with your modern security framework
  
  NetIQ Risk Service
  Adapt the authentication and access experience to the risk at hand.
  
  Self Service Password Reset
  Enables users to reset their passwords without the help of IT
  
  NetIQ SecureLogin
  Streamlines authentication for enterprise apps with a single login experience
  
  NetIQ Secure API Manager
  Protect and manage access to your APIs.
  
  Privilege Management
  
  Privilege Management
  
  Manage and control privileged account activities for all credential-based systems
  
  NetIQ Privileged Account Manager
  Enables IT administrators to work on systems without exposing credentials
  
  NetIQ Directory & Resource Administrator
  Limits administrative privileges and restricts directory views to specific users
  
  NetIQ Group Policy Administrator
  Edit, test and review Group Policy Object changes before implementation
  
  NetIQ Change Guardian
  Protect critical data, reduce risk and manage change with Change Guardian
  
  NetIQ AD Bridge
  Extend the power of Active Directory to Linux resources
  
  Universal Policy Administrator
  Unify and centrally manage policies across multiple platforms.
  
  Delegated Administration
  
  Delegated Administration
  
  Deliver actionable and timely security intelligence
  
  NetIQ Change Guardian
  Protect critical data, reduce risk and manage change with Change Guardian
  
  NetIQ Secure Configuration Manager
  Finds and repairs configuration errors that lead to security breaches or downtime
  
  NetIQ Security Solutions for IBM i
  Provides easy compliance auditing and real-time protection for IBM iSeries systems

Products A-Z

Your browser is not supported

What is Dynamic Application Security Testing (DAST)?

Pros of DAST

Cons of DAST

Why is DAST Important?

How does DAST work?

What is a DAST tool that is well-suited for developers?

What is the difference between SAST and DAST?

At Micro Focus Fortify...

Related Products

Fortify Application Security

Fortify WebInspect

Fortify on Demand (FoD)

Contact Us

Additional Resources

Discover

Resources

Company

Legal & Compliance