Introducing fAST Dynamic: Streamlining dynamic application security testing

Wednesday, April 17, 2024

Today, we’re excited to announce the availability of fAST Dynamic, the latest offering on the Polaris Software Integrity Platform®. As web applications become more complex, so too does the task of testing them for security issues at the pace of modern development pipelines. Polaris fAST Dynamic simplifies dynamic application security testing (DAST) for modern web applications, while also making it faster and easier for the teams developing them.

Introducing fAST Dynamic

As applications evolve from simple websites to complex, multilayered systems, the limitations of traditional DAST tools have become obvious. These tools, originally developed for earlier web architectures, often become bloated with edge-case checkers and features, making them more difficult to use and leading to longer scan times and higher rates of false positives. While this may be acceptable for security teams running periodic audits, development teams need solutions that are easier, faster, and more accurate.

In response to these evolving security challenges, we are introducing fAST Dynamic. This solution streamlines and optimizes DAST for the needs of development teams, seamlessly integrating into development workflows and making dynamic testing accessible for developers who may not be security experts. fAST Dynamic simplifies the execution of comprehensive security scans, eliminating the need for complex setups or in-depth security knowledge. Polaris fAST Dynamic caters to the needs of modern web development, including advanced JavaScript frameworks and single-page applications, ensuring complete coverage and accurate results. And like the other scan engines available on Polaris, fAST Dynamic is also highly scalable, supporting large numbers of applications and aggressive pipeline SLAs, so teams can maintain velocity while implementing secure and compliant development practices.

Key features of fAST Dynamic

Easy start: Initiating security tests is straightforward, requiring minimal steps and no complex configurations. Teams can onboard, scan, and get results in minutes.

Smart attack execution: fAST Dynamic intelligently navigates and analyzes web applications, reducing the need for extensive manual input and specialized expertise, ensuring comprehensive coverage without added complexity.

Efficiency and accuracy: The optimized checkers deliver low false positives while providing accurate vulnerability detection, emphasizing high-value checks that identify the highest-risk issues for a more efficient testing process.

Agility and scalability: Designed to fit into agile development cycles, fAST Dynamic supports rapid security testing, easily scaling to accommodate a large number of web applications without compromising performance.

The Polaris platform: Simplifying application security

The Polaris Software Integrity Platform is an integrated application security testing (AST) platform that brings our market-leading static, software composition analysis, and now dynamic scan engines together into an easy-to-use cloud-based solution. With Polaris, teams can onboard applications quickly, automate and run any combination of scans concurrently, deliver actionable results to developers, and scale their AST program to cover thousands of developers and applications.

Polaris provides seamless integrations with the DevOps tools you use today, including GitHub, GitLab, and Azure SCMs, with bulk onboarding of projects, automated scanning triggered by pull requests, and delivery of results in pull request comments. You can also automate tests via Jenkins and other CI tools, and deliver results to developers directly in Jira.

Security teams can also drive and measure the progress of AppSec testing with Polaris. The built-in policy management capabilities allow security teams to standardize the handling of findings across teams. And with Polaris reporting and analytics, business decision-makers get a holistic view into testing results and portfolio risk posture. For more on Polaris, please see the Polaris data sheet.

Learn more about fAST Dynamic

We’re excited to add dynamic analysis to Polaris with fAST Dynamic as part of our commitment to helping teams streamline their application security testing processes and providing user-friendly solutions that integrate smoothly into their SDLC.

Join us for a live demo to see how fAST Dynamic and the Polaris platform can support your organization’s application security needs.

This post was originally published at https://www.synopsys.com/blogs/software-security/fast-dynamic-dast.html

For more information, contact Lexington Soft or request a free trial.