About Black Duck Continuous Dynamic

Verify the security of your web applications in production.

Black Duck® Continuous Dynamic™ (formerly WhiteHat Dynamic) is a production-safe dynamic application security testing (DAST) solution that rapidly detects vulnerabilities in running web applications. It uses a combination of continuous scanning, AI verification, and manual assessment by expert security engineers to deliver accurate and actionable results, with low false positives.

Key DAST features

Key features of the DAST component of Continuous Dynamic include:

Always-on

Continuous, concurrent vulnerability assessments for production web applications.

Authenticated scans

The scanner is configured for custom site authentication, including multi-step logins and MFA (SE & PE).

Production-safe form testing

The scanner is pre-trained to test web forms in a production-safe way before assessment begins.

Business logic

Black Duck Threat Research Center engineers perform business logic assessments (BLAs), repeated annually, to complement automated testing (PE).

Ask-a-Question

Unlimited access to security experts at the Threat Research Center through the Ask-a-Question feature.

Fast results

Verified, actionable results in the Continuous Dynamic Portal as soon as scans begin (SE & PE).

At-a-glance visibility

Reporting and intelligence metrics support business risk management, with a range of management and audit reports.

Internal scans

Scanning of internal web apps is supported with the Sentinel Appliance VM.

With Continuous Dynamic, human expertise is augmented by an advanced DAST scan engine and AI verification of vulnerabilities. Our TRC engineers configure the scanner to test your web applications based on logical conditions and ensure that testing methods are always production-safe. Comprehensive scans accurately identify vulnerabilities in your web application and provide the information that you need to understand, prioritize, and mitigate or remediate those vulnerabilities.

Fast setup

Getting started with DAST scanning in Continuous Dynamic is quick and easy. During the DAST onboarding process, you will provide the following information:

  • URLs for the web applications you want to scan

  • Site scanning credentials (if needed for authenticated scans)

  • A schedule of permitted scanning periods

After pre-configuration checks by Black Duck engineers, actionable results are provided straight away, during the initial parse-scan phase. When a full scan completes, Continuous Dynamic provides detailed vulnerability information, including an explanation of the vulnerability and its class, together with recommendations for remediation. You also have direct access to Threat Research Center engineers for any questions about the vulnerability, the associated risks, and how to remediate it.

To get started with Continuous Dynamic, see Getting Started with the Continuous Dynamic Portal.

DAST service levels

There are three core DAST service levels for Continuous Dynamic: BE, SE and PE. Each level is appropriate for different types of applications and purposes. To see what is included in each level, see Continuous Dynamic (DAST).

Sentinel Source

Sentinel Source is the Static Application Security Testing (SAST) component of Continuous Dynamic.

Projects in development can be analyzed with Sentinel Source even before the code is compiled. You provide Sentinel Source with the repository information it needs, and it scans your source code or your binaries. Sentinel Source then provides detailed vulnerability information, including the implicated code snippets, an explanation of the problem, and recommendations for remediation. You can also enable "Directed Remediation" to receive specific code designed to fix the vulnerability.

AutoAPI

AutoAPI is the API scanning component of Continuous Dynamic.

With AutoAPI, you can perform security scans on APIs using a supplied API specification file. AutoAPI identifies and verifies vulnerabilities in the APIs it scans.