Black box analysis is essential to application security
Dynamic Analysis Security Testing (DAST), also known as black box analysis, is a critical tool for securing web applications. Designed to find security errors in applications while they are running in production, black box testing is performed without knowledge of the internal workings of an application and without access to the source code. Consequently, black box analysis replicates what attackers see and uses the same techniques that attackers use when probing the attack surface – supplying malicious input to shopping carts or web forms, for example.
While black box analysis can be instrumental in finding and remediating vulnerabilities in applications in production, to achieve optimum application security a black box test must be combined with other application testing tools.
That’s where CA Veracode can help.
Black box analysis from CA Veracode
CA Veracode delivers the solutions that organizations need to achieve application security in a software-driven world. Built on a unified platform, CA Veracode solutions let organizations evaluate and enhance application security from inception through production, seamlessly integrating security into development without the need for additional staff, equipment or resources.
CA Veracode combines black box analysis with static testing (also known as white box testing) and software composition analysis in a single cloud-based service to provide a comprehensive solution for finding vulnerabilities in software applications.
CA Veracode Web Application Scanning uses black box analysis tools to communicate with a web application through the web front-end, identifying potential security vulnerabilities and architectural weaknesses. CA Veracode’s blackbox testing tools can look for and identify a wide range of issues, including input/output validation, specific application problems, and server configuration mistakes. CA Veracode also looks “inside” directories, debug code, leftover source code and resource files to find SQL strings, ODBC connectors, hidden username/passwords and other information that attackers can use to gain unauthorized access to your software.
Benefits of CA Veracode’s black box analysis solution
With black box analysis tools from CA Veracode, you can:
- Find vulnerabilities in a finalized release candidate before shipping.
- Simulate the actions of a malicious hacker by attacking and probing, then identifying which results are not part of the expected result set.
- Scan applications written in any language – JAVA/JSP, PHP or any other engine-driven web application – with a dynamic testing tool that is not language -dependent.
- Develop reports on critical flaws with information that enables development and QA teams to recreate vulnerabilities.
- Use detailed remediation information to fix issues more quickly.
- Use proactive recommendations to develop longer-term strategies for improving application security across your software portfolio.
Learn more about black box analysis solutions from CA Veracode.