From 6594ea5c44f6f97ea9316224b6b8ef87692f304d Mon Sep 17 00:00:00 2001 From: Alex <53379240+AlexandraC0@users.noreply.github.com> Date: Mon, 24 Nov 2025 12:54:57 +0100 Subject: [PATCH 1/2] Add Escape DAST to 2-4-2-Dynamic-Application-Security-Testing.md --- .../2-4-Test/2-4-2-Dynamic-Application-Security-Testing.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/current-version/2-Process/2-4-Test/2-4-2-Dynamic-Application-Security-Testing.md b/current-version/2-Process/2-4-Test/2-4-2-Dynamic-Application-Security-Testing.md index 6ee11b9..76d0877 100644 --- a/current-version/2-Process/2-4-Test/2-4-2-Dynamic-Application-Security-Testing.md +++ b/current-version/2-Process/2-4-Test/2-4-2-Dynamic-Application-Security-Testing.md 
@@ -26,12 +26,14 @@ DAST tools allow for extensive scans from the client side and server side withou - [Acunetix](https://www.acunetix.com) - An automatic web security testing scanner that accurately scans and audits all web applications, including HTML5, JavaScript and Single Page applications (SPAs) - [Burp Suite](http://www.portswigger.net/) is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. - [Dastardly](https://portswigger.net/burp/documentation/dastardly) - Lightweight web application security scanner designed to run in CI/CD pipelines. +- [Escape DAST](https://www.escape.tech) - Escape DAST is purposely built for testing for business logic vulnerabilities and handling complex auth scenarios in modern applications: APIs (including GraphQL) and Single Page Apps (SPAs) - [HCL AppScan on Cloud](https://cloud.appscan.com) - DAST tool built as a service. It can scan both public and privatly hosted application. Can explore and test modern web applications, leverage manually recorded steps and handle complex login scenarios. - [InsightAppSec (AppSpider)](https://www.rapid7.com/products/insightappsec) - Application security testing for the modern web - [Netsparker](https://www.netsparker.com) - It can identify vulnerabilities in all types of modern web applications, regardless of the underlying architecture or platform - [Nuclei](https://github.com/projectdiscovery/nuclei) - Fast and customisable vulnerability scanner based on simple YAML based DSL. - [Veracode Dynamic Analysis](https://www.veracode.com/products/dynamic-analysis-dast) - Veracode Dynamic Analysis helps companies scan their web applications for exploitable vulnerabilities at scale + --- ### Links From c8dec4e3fdcc8709f536f3eb102c171d0590af2e Mon Sep 17 00:00:00 2001 
From: Alex <53379240+AlexandraC0@users.noreply.github.com> Date: Thu, 27 Nov 2025 15:37:03 +0100 Subject: [PATCH 2/2] Add Escape DAST to 2-4-2-Dynamic-Application-Security-Testing.md --- .../2-4-Test/2-4-2-Dynamic-Application-Security-Testing.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/current-version/2-Process/2-4-Test/2-4-2-Dynamic-Application-Security-Testing.md b/current-version/2-Process/2-4-Test/2-4-2-Dynamic-Application-Security-Testing.md index 76d0877..1a7df3d 100644 --- a/current-version/2-Process/2-4-Test/2-4-2-Dynamic-Application-Security-Testing.md +++ b/current-version/2-Process/2-4-Test/2-4-2-Dynamic-Application-Security-Testing.md 
@@ -26,13 +26,12 @@ DAST tools allow for extensive scans from the client side and server side withou - [Acunetix](https://www.acunetix.com) - An automatic web security testing scanner that accurately scans and audits all web applications, including HTML5, JavaScript and Single Page applications (SPAs) - [Burp Suite](http://www.portswigger.net/) is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. - [Dastardly](https://portswigger.net/burp/documentation/dastardly) - Lightweight web application security scanner designed to run in CI/CD pipelines. -- [Escape DAST](https://www.escape.tech) - Escape DAST is purposely built for testing for business logic vulnerabilities and handling complex auth scenarios in modern applications: APIs (including GraphQL) and Single Page Apps (SPAs) - [HCL AppScan on Cloud](https://cloud.appscan.com) - DAST tool built as a service. It can scan both public and privatly hosted application. Can explore and test modern web applications, leverage manually recorded steps and handle complex login scenarios. - [InsightAppSec (AppSpider)](https://www.rapid7.com/products/insightappsec) - Application security testing for the modern web - [Netsparker](https://www.netsparker.com) - It can identify vulnerabilities in all types of modern web applications, regardless of the underlying architecture or platform - [Nuclei](https://github.com/projectdiscovery/nuclei) - Fast and customisable vulnerability scanner based on simple YAML based DSL. 
-- [Veracode Dynamic Analysis](https://www.veracode.com/products/dynamic-analysis-dast) - Veracode Dynamic Analysis helps companies scan their web applications for exploitable vulnerabilities at scale - +- [Veracode Dynamic Analysis](https://www.veracode.com/products/dynamic-analysis-dast) - Veracode Dynamic Analysis helps companies scan their web applications for exploitable vulnerabilities at scale. +- [Escape DAST](https://escape.tech) - Escape DAST is purposely built for testing for business logic vulnerabilities at scale and handling complex auth scenarios in modern applications: APIs (including GraphQL) and Single Page Apps (SPAs) ---
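Review bot: In [PATCH 1/2], the second `+` line is an empty line inserted just before the `---` separator, which has nothing to do with adding the tool entry; drop it so the hunk is a single-line addition (PATCH 2/2 deletes that line again anyway). On the new Escape DAST line, "purposely built" should read "purpose-built", and the description ends without a period while the neighbouring Dastardly and HCL AppScan entries end with one.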
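Review bot: In [PATCH 2/2], the Escape DAST entry is removed from its slot after Dastardly and re-added as the last item after Veracode Dynamic Analysis, which breaks the alphabetical order the rest of the list follows (Acunetix, Burp Suite, Dastardly, HCL AppScan, InsightAppSec, Netsparker, Nuclei, Veracode). Keep the entry between Dastardly and HCL AppScan on Cloud and make the wording and URL change (`https://www.escape.tech` to `https://escape.tech`) in place. The same hunk adds a trailing period to the Veracode line but leaves the re-added Escape DAST line without one, so end both the same way. Both commits carry the same subject; squashing them would leave one single-line addition to review.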