Linux Format

Build a dynamic app security pipeline

The battle between developers and malicious hackers is one that developers have been losing. A lot of the time, it comes down to mentality and company priorities. Hackers, like burglars, only need to find a single open window or unlocked door to get in. You wouldn’t check that you’ve locked your door only once every few months, yet this is the exact approach many companies take to security.

Dynamic Analysis Security Testing (DAST) is perhaps the most overlooked stage of any security pipeline. It is frequently relegated to a check-up every six months by an outside consultancy, which runs an automated scan with Burp Suite or Zed Attack Proxy (ZAP) and provides you with a (hopefully short) report and an invoice in the range of £3,000-30,000, mostly depending on the scope. In most cases, the consultants don’t go further than the automated scan because at that point they already have enough to write a multi-page report.

But here’s the thing: when malicious actors (aka hackers) attack your web app, site or API, they aren’t checking if your code is neatly formatted; they’re essentially doing dynamic analysis. They’re looking for a place where you’ve not validated the input, an endpoint that you’ve forgotten to protect, cookie slack, a vulnerable login system, leaked
