You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -63,7 +63,7 @@ For Java applications, [Sonatype](https://www.sonatype.com/) has some impressive
Again quoting [Gartner's](https://www.gartner.com/it-glossary/dynamic-application-security-testing-dast/) definition, these are tools which are "designed to detect conditions indicative of a security vulnerability in an application in its running state".
The tools that run against your code are a good start, but they aren't accessing the application like a user. Tools such as [Burp](https://portswigger.net/burp/), [OWASP ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project), [Arachni](https://www.arachni-scanner.com/), w3af and [Vega](https://subgraph.com/vega/index.en.html) access the application itself, looking for exploit vectors like SQL Injection and cross-site scripting.
The tools that run against your code are a good start, but they aren't accessing the application like a user. Tools such as [Burp](https://portswigger.net/burp/), [OWASP ZAP](https://www.zaproxy.org/), [Arachni](https://www.arachni-scanner.com/), w3af and [Vega](https://subgraph.com/vega/index.en.html) access the application itself, looking for exploit vectors like SQL Injection and cross-site scripting.
