Automated Security Testing

SecApps Lookout is a powerful, fully automated web application security scanner.

Web applications are increasingly complex, which makes them more difficult to secure. Automated security testing can help identify vulnerabilities in web applications before they are deployed and while they run.

There are many different types of automated web application security tests, each with its own strengths and weaknesses. Some of the most popular types of tests are:

  • Static analysis
  • Dynamic analysis
  • Fuzzing

Static Analysis

Static analysis is the process of analyzing a web application's code without running it. This can be done manually or using automated tools.

Static analysis can be used to find vulnerabilities such as SQL injection and cross-site scripting. It can also be used to enforce coding standards and best practices.

Dynamic Analysis

Dynamic analysis is the process of running a web application and observing its behavior. This can also be done manually or using automated tools.

Dynamic analysis can be used to find vulnerabilities such as session hijacking and cross-site request forgery. It can also be used to find performance bottlenecks, which are a source of denial-of-service attacks.

Fuzzing

Fuzzing is a type of dynamic analysis that involves feeding invalid or unexpected input to a web application in order to find vulnerabilities.

Fuzzing can be used to find vulnerabilities such as buffer overflows and SQL injection.

SecApps Lookout helps you perform all of the above types of assessment in a single test configuration. Client-side scripts are statically analyzed for security vulnerabilities. Dynamic analysis is performed by running the web application scanner in active mode. Finally, all active-mode tests use a form of fuzzing that is designed to feed invalid input to the web application.

All of these tests are performed automatically and the results are presented in a clear and concise report.
