
Dynamic Application Security Testing tools, web vulnerability scanners (OSTE META SCANNER)

Dynamic Application Security Testing Tools (DAST)

What are they, which are the best and the best known, and are there free open-source tools (yes, of course)? And which of those are the best?


Definition:

DAST tools are a type of security testing solution used to identify and assess vulnerabilities in web applications at runtime, while the application is in operation. Unlike Static Application Security Testing (SAST) tools, which analyze the source code or binary of an application without executing it, DAST tools interact with the running application to discover potential security issues. DAST tools:

  1. assess the security of an application in real time by interacting with it during runtime. This can include simulating attacks, injecting malicious inputs, and analyzing the application's responses.
  2. operate as a "black box," meaning they do not have access to the internal source code of the application. They focus on evaluating the externally visible behavior of the application.
  3. typically employ automated scanning and crawling techniques to navigate through the web application, identifying various paths, inputs, and parameters. This allows them to test a wide range of attack vectors.
  4. aim to discover and report security vulnerabilities such as SQL injection, cross-site scripting (XSS), security misconfigurations, and other common web application security issues.
  5. may have a higher rate of false positives than SAST tools, because they operate without access to the source code and rely on dynamic analysis. As a result, findings may need additional verification.

 

OSTE META SCANNER: (https://github.com/OSTEsayed/OSTE-Meta-Scan)

A comprehensive web vulnerability scanner.

Its goal is to simplify the field of Dynamic Application Security Testing. The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, OWASP ZAP, Nuclei, SkipFish, and Wapiti.

It focuses on a diverse list of vulnerabilities, mainly:

  • SQL injection
  • Cross-site scripting
  • OS command injection
  • XML injection
  • XSLT injection
  • XML external entities
  • Code injection
  • Host header injection
  • HTML injection
  • Template injection (server-side)
  • CRLF injection
  • OGNL injection
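
The two points above, that DAST findings need verification and that a meta scanner combines several scanners, meet in one practical step: merging overlapping findings and ranking them by how many scanners agree. The following is an added example, not code from OSTE Meta Scan or from any listed scanner; the record schema, the alias table and the sample findings are constructed assumptions, not real tool output formats.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample findings in a hypothetical normalized schema
# (scanner, url, param, issue); these are not real tool output formats.
FINDINGS = [
    {"scanner": "zap",    "url": "http://app.test/search?q=1", "param": "q",  "issue": "Cross Site Scripting (Reflected)"},
    {"scanner": "wapiti", "url": "http://app.test/search?q=a", "param": "q",  "issue": "XSS"},
    {"scanner": "nuclei", "url": "http://app.test/item?id=5",  "param": "id", "issue": "SQL Injection"},
    {"scanner": "zap",    "url": "http://app.test/item?id=9",  "param": "id", "issue": "sql injection"},
    {"scanner": "wapiti", "url": "http://app.test/item?id=2",  "param": "id", "issue": "SQLi"},
    {"scanner": "nikto",  "url": "http://app.test/login",      "param": "",   "issue": "CRLF injection"},
]

# Hypothetical alias table mapping each scanner's wording to one class name.
ALIASES = {
    "xss": "xss", "cross site scripting": "xss",
    "sqli": "sqli", "sql injection": "sqli",
    "crlf injection": "crlf",
}

def classify(issue):
    """Map a scanner-specific issue title to a common class, or 'other'."""
    text = issue.lower()
    # Longest alias first so a full phrase wins over a short substring.
    for alias in sorted(ALIASES, key=len, reverse=True):
        if alias in text:
            return ALIASES[alias]
    return "other"

def merge(findings):
    """Group by (host+path, parameter, class) and count distinct scanners."""
    groups = defaultdict(set)
    for f in findings:
        parts = urlsplit(f["url"])
        # Query values differ per scanner payload, so key on host and path only.
        key = (parts.netloc + parts.path, f["param"], classify(f["issue"]))
        groups[key].add(f["scanner"])
    merged = [
        {"endpoint": k[0], "param": k[1], "class": k[2], "scanners": sorted(v),
         # Agreement only orders the verification queue; it is not proof.
         "triage": "corroborated" if len(v) > 1 else "verify manually"}
        for k, v in groups.items()
    ]
    # Most-corroborated first, then alphabetical by endpoint.
    return sorted(merged, key=lambda m: (-len(m["scanners"]), m["endpoint"]))

if __name__ == "__main__":
    for row in merge(FINDINGS):
        print(row)
```
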

 

LIST of DAST tools (commercial):

  1. Netsparker
  2. Acunetix
  3. Qualys Web Application Scanning (WAS)
  4. IBM Security AppScan
  5. Rapid7 AppSpider
  6. Checkmarx
  7. Tenable.io Web Application Scanning
  8. PortSwigger Burp Suite Enterprise

LIST of DAST tools (open source):

  1. Wapiti
  2. SkipFish
  3. OWASP ZAP
  4. Nikto
  5. Nuclei
  6. Arachni
  7. Astra
  8. Burp Suite
  9. GoLismero
  10. OpenVAS
  11. Ratproxy
  12. Ronin-Vulns
  13. Sitadel
  14. SOOS DAST
  15. Vega Scanner
  16. Vulmap
  17. Vulscanpro
  18. W3af

 

 

This article is intended for educational purposes and aims to simplify the overall assessment of cybersecurity. However, we want to emphasize that we are not liable for any malicious use of this application. It is crucial that users of this software exercise responsibility and ethical behavior. We strongly recommend notifying the targets or individuals involved before utilizing this software.
