SECURITY HYBRID ANALYSIS
HYBRID ANALYSIS OF WEB APPLICATIONS UNCOVERS
A GREATER ATTACK SURFACE
THE USE OF SOPHISTICATED, DYNAMIC WEB APPLICATIONS IN CONJUNCTION WITH CORPORATE WEBSITES HAS INCREASED EXPONENTIALLY OVER THE LAST DECADE
In 2014 alone, 43 percent of businesses surveyed by the Ponemon Institute reported that they had experienced a data breach, a statistic that represents a 10 percent increase from the previous year. Financially, this results in millions of dollars of lost revenue, so businesses see the need for comprehensive security assessments and audits to protect themselves, and their customers, from costly attacks on their web application data and infrastructure. A wide variety of security assessments, tools, and techniques can be used to provide an in-depth overview of your web application's security posture. Security assessments include dynamic penetration testing (black-box), static source code reviews (white-box), and a combination of both known as a hybrid analysis. A hybrid application penetration test can be used by your company to determine the entire attack surface of your web applications so that you can adequately maintain complete information security.
WE COMBINE DYNAMIC APPLICATION SECURITY TESTING (DAST)
AND STATIC APPLICATION SECURITY TESTING (SAST) FOR GREATER COVERAGE
THE INHERENT LIMITATIONS OF SAST AND DAST ARE COUNTERED BY USING BOTH
Static Application Security Testing (SAST) inspects the application source code line by line for weak coding practices that could introduce serious security holes that an attacker could exploit. Such weaknesses in code include backdoors, the use of weak encryption ciphers, code that could allow buffer overflows, and similar defects. SAST is best used by software engineers during the development life cycle to identify weaknesses in the source code quickly, before the web application is put into production. Using both assessment methods, SAST and DAST, results in a comprehensive, thorough security assessment that produces an in-depth overview of the security posture of your web applications from an external perspective (DAST, the running application as an attacker sees it) and from an internal perspective (SAST, the source code itself). This offers complete coverage of the total attack surface of your web applications, from their static source code to their dynamic execution at run-time.
THE POTENTIAL FALSE POSITIVES OF SAST
ARE PRIORITIZED BY DAST IN A LIVE MODEL
THIS COMBINATION ALLOWS FOR A MORE RIGOROUS COVERAGE OF ALL ATTACK VECTORS
During the run-time analysis of your web applications, DAST tools are used to prioritize the potential vulnerabilities found by SAST, distinguishing actual vulnerabilities that stem from weaknesses in the source code from code patterns that do not result in any security issue at run-time.
As a result, only meaningful security issues are reported by the combined SAST and DAST suites, giving an accurate depiction of your web application's security posture.
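The prioritization step described above can be made concrete with a small correlation routine. The following is an added example written for this page, not a vendor's tool or any product's output format: it assumes a hypothetical SAST finding record that carries the route and request parameter a flagged code path serves, and a hypothetical DAST finding record keyed by route, parameter and CWE. A SAST finding reproduced at run-time on the same route and parameter is ranked as confirmed, one reproduced on the same route with a different parameter as likely, one with no run-time evidence as unverified (a false-positive candidate that still needs manual review), and any run-time-only issue with no matching code finding is kept so it is not lost. All sample findings are constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Priority levels: lower number = report first.
CONFIRMED, LIKELY, UNVERIFIED, RUNTIME_ONLY = 1, 2, 3, 4
LABELS = {CONFIRMED: "confirmed", LIKELY: "likely",
          UNVERIFIED: "unverified", RUNTIME_ONLY: "runtime-only"}


@dataclass(frozen=True)
class SastFinding:
    """Hypothetical static-analysis finding (assumed format, not a real tool's)."""
    ident: str
    cwe: str        # weakness class, e.g. "CWE-89"
    file: str
    line: int
    route: str      # HTTP route the flagged code path serves; "" if not request-facing
    parameter: str  # tainted input name on that route; "" if none


@dataclass(frozen=True)
class DastFinding:
    """Hypothetical dynamic-scan finding (assumed format, not a real tool's)."""
    cwe: str
    route: str
    parameter: str
    evidence: str   # short note on what the scanner observed at run-time


def triage(sast: List[SastFinding], dast: List[DastFinding]) -> List[Tuple[str, int, str]]:
    """Rank SAST findings by run-time evidence; return (id, priority, reason) sorted by priority."""
    results = []
    used = set()  # indexes of DAST findings already explained by a code finding
    for s in sast:
        best = None
        for i, d in enumerate(dast):
            # Only request-facing code with the same weakness class on the same route can match.
            if not s.route or d.cwe != s.cwe or d.route != s.route:
                continue
            if d.parameter == s.parameter:
                best = (CONFIRMED, i)
                break
            if best is None:
                best = (LIKELY, i)
        if best is None:
            results.append((s.ident, UNVERIFIED, "no run-time evidence; needs manual review"))
        else:
            level, i = best
            used.add(i)
            results.append((s.ident, level, dast[i].evidence))
    # Run-time issues with no code location (e.g. server configuration) are still reported.
    for i, d in enumerate(dast):
        if i not in used:
            results.append((f"DAST:{d.route}:{d.cwe}", RUNTIME_ONLY, d.evidence))
    results.sort(key=lambda r: r[1])
    return results


# Constructed sample input, not real scan output.
SAMPLE_SAST = [
    SastFinding("S-1", "CWE-89", "handlers/search.py", 42, "/search", "q"),
    SastFinding("S-2", "CWE-79", "handlers/profile.py", 17, "/profile", "name"),
    SastFinding("S-3", "CWE-327", "crypto/util.py", 8, "", ""),  # weak cipher, not request-facing
]
SAMPLE_DAST = [
    DastFinding("CWE-89", "/search", "q", "database error echoed for malformed input"),
    DastFinding("CWE-79", "/profile", "bio", "submitted markup rendered unescaped"),
    DastFinding("CWE-16", "/admin", "", "security headers missing in response"),
]


def demo() -> List[Tuple[str, int, str]]:
    return triage(SAMPLE_SAST, SAMPLE_DAST)


if __name__ == "__main__":
    for ident, level, reason in demo():
        print(f"{LABELS[level]:<13} {ident:<22} {reason}")
```

Confirmed items are what the combined report should lead with; unverified ones are the SAST noise the page describes, kept in a separate bucket for a human to close out rather than silently dropped.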
As data breaches increase in frequency and web application risks and threats escalate, security monitoring is quickly becoming compulsory. With a potential cost per breached record ranging from $355 in the healthcare industry to $129 in retail, every industry is heavily affected by data breaches.
It is imperative that businesses incorporate hybrid application security testing protocols into their security model to stay safe, secure, and impervious to the attacks of cyber-criminals.