Dynamic Analysis Is Critical to Application Security
Dynamic analysis is the testing and evaluation of a program by executing it with data in real time. The objective is to find security errors in a program while it is running. CA Veracode's dynamic analysis testing empowers companies to identify and remediate security issues in their running web applications before hackers can exploit them. By dynamically testing web applications in a run-time environment, CA Veracode inspects applications the same way a hacker would attack them – providing the most accurate and actionable vulnerability detection available.
Dynamic Analysis Testing
A dynamic analysis test communicates with a web application through the web front-end in order to identify potential security vulnerabilities and architectural weaknesses in the web application. Unlike source code scanners, a dynamic analysis program doesn't have access to the source code and therefore detects vulnerabilities by actually performing attacks.
A dynamic analysis security scanner can facilitate the automated detection of security vulnerabilities within a web application. A dynamic analysis test is often required to comply with various regulatory requirements. Dynamic analysis scanners can look for a wide variety of vulnerabilities, including:
- Input/output validation (Cross-Site Scripting, SQL Injection, etc.)
- Specific application problems
- Server configuration mistakes/errors
Dynamic Analysis Benefits Using CA Veracode
- A dynamic analysis tool can detect vulnerabilities of the finalized release candidate before shipping.
- A dynamic analysis tool simulates a malicious user by attacking and probing, and observing which results fall outside the expected result set.
- As a dynamic testing tool, it is not language dependent. A web application scanner is able to scan Java/JSP, PHP or any other engine-driven web application.
- A report of the critical vulnerabilities discovered is delivered, complete with accompanying information to enable development and QA teams to recreate flaws.
- Detailed remediation information on how to fix the flaws is provided.
- Guidance is provided on proactive steps to drive longer-term strategies that organizations can adopt to improve overall application security across their software portfolio.
Advanced Dynamic Analysis to Find Hidden Issues
CA Veracode's dynamic analysis security scanning analyzes the data and content of information presented by the application in order to find hidden security issues that are missed by other products. CA Veracode dynamic analysis looks "inside" directories, debug code, leftover source code and resource files to find hidden usernames/passwords, SQL strings, ODBC connectors and other sensitive information that hackers can exploit to gain unauthorized access to your application.
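The kind of response-content check described above can be sketched as a passive pass over a page your own application returned. This is an added example, not CA Veracode's implementation; the patterns, the `find_leaks` name and the sample response are constructed for illustration.

```python
import re

# Heuristic patterns (constructed for this example) for the kinds of content
# the section lists: ODBC connectors, username/password pairs, SQL strings.
PATTERNS = {
    "odbc_connector": re.compile(
        r"(?i)\b(?:Driver|DSN)\s*=\s*[^;\"'<>\n]+;[^\"'<>\n]*\b(?:Uid|Pwd|Password)\s*="),
    "credential_pair": re.compile(
        r"(?i)\b(?:user(?:name)?|login)\s*[:=]\s*\S+[\s,;]+(?:pass(?:word)?|pwd)\s*[:=]\s*\S+"),
    # Uppercase keywords only, so prose like "select an option from the list" is ignored.
    "sql_string": re.compile(
        r"\b(?:SELECT\s+.+?\s+FROM|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)\s+\w+"),
}
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.S)

def find_leaks(body):
    """Return sorted (line, kind, in_html_comment) findings for one response body.

    Only the location and kind are reported, so the scanner's own output
    does not copy the leaked value into yet another log or ticket.
    """
    comment_spans = [m.span(1) for m in HTML_COMMENT.finditer(body)]
    findings = set()
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(body):
            line = body.count("\n", 0, m.start()) + 1
            in_comment = any(s <= m.start() < e for s, e in comment_spans)
            findings.add((line, kind, in_comment))
    return sorted(findings)

# Constructed sample response from a hypothetical staging page; values are placeholders.
SAMPLE_RESPONSE = """<html><body>
<h1>Orders</h1>
<!-- debug: Driver={SQL Server};Server=db01;Uid=app;Pwd=EXAMPLE-ONLY; -->
<!-- TODO remove: username=admin password=EXAMPLE-ONLY -->
<p>No results for query.</p>
<pre>Error near: SELECT id, total FROM orders WHERE id=</pre>
</body></html>"""

if __name__ == "__main__":
    for line, kind, in_comment in find_leaks(SAMPLE_RESPONSE):
        where = "HTML comment" if in_comment else "visible body"
        print(f"line {line}: {kind} in {where}")
```

Findings inside HTML comments usually point to leftover debug code to strip at build time, while SQL fragments in the visible body point to verbose error handling that should be disabled in production.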
Full Integration With Static Analysis
Unlike "stand-alone" web scanners, CA Veracode is the only dynamic analysis provider to incorporate both static and dynamic testing as a single offering. CA Veracode's dynamic web application testing is integrated with our patented static binary analysis, which enables enterprises to fully test their applications using multiple assessment methods to provide a single set of convergent results, ratings and reports.