Continuous Dynamic DAST Vulnerability Classes
Continuous Dynamic Premium Edition (PE)
Continuous Dynamic PE includes testing for both technical and business logic vulnerabilities. Black Duck’s Threat Research Center (TRC) performs custom testing to identify business logic flaws. Black Duck’s TRC engineers, who uncover these types of vulnerabilities, are technical experts capable of understanding account structures, contextual logic, and similar characteristics of web applications.
Technical - Continuous Dynamic DAST Vulnerability Classes PE | ||
---|---|---|
Application Code Execution | Application Misconfiguration | Autocomplete Attribute
Brute Force | Buffer Overflow | Cacheable Sensitive Response
Clickjacking | Content Spoofing | Cross Site Request Forgery
Cross Site Scripting | Denial of Service | Directory Indexing
Fingerprinting | Frameable Resource | HTTP Response Splitting
Improper Input Handling | Information Leakage | Insecure Indexing
Insufficient Anti-automation | Insufficient Authentication | Insufficient Authorization
Insufficient Password Policy Implementation | Insufficient Password Recovery | Insufficient Process Validation
Insufficient Session Expiration | Insufficient Transport Layer Protection | LDAP Injection
Mail Command Injection | Missing Secure Headers | Non-HttpOnly Session Cookie
OS Command Injection | OS Commanding | Path Traversal
Predictable Resource Location | Query Language Injection | Remote File Inclusion
Routing Detour | Server Misconfiguration | Session Fixation
Session Prediction | SQL Injection | SSI Injection
Unsecured Session Cookie | URL Redirector Abuse | Vulnerable Library
XML External Entities | XML Injection | XPath Injection
Technical Vulnerabilities Covered by PE - OWASP 2021 Top 10 | |
---|---|
Vulnerabilities | Description
A01 | Broken Access Control
A02 | Cryptographic Failures
A03 | Injection
A04 | Insecure Design
A05 | Security Misconfiguration
A06 | Vulnerable and Outdated Components
A07 | Identification and Authentication Failures
A08 | Software and Data Integrity Failures
Business Logic Flaws - Continuous Dynamic Vulnerability Classes | ||
---|---|---|
Abuse of Functionality | Insecure Indexing | Insufficient Process Validation
Brute Force | Insufficient Anti-Automation | Insufficient Session Expiration
Credential/Session Prediction | Insufficient Authentication | Session Fixation
Cross-Site Request Forgery | Insufficient Authorization |
Denial of Service | Insufficient Password Recovery |
Continuous Dynamic Standard Edition (SE)
Continuous Dynamic SE tests for the following technical vulnerabilities; it does not test for business logic flaws.
Technical - Continuous Dynamic Vulnerability Classes SE | ||
---|---|---|
Abuse of Functionality | Application Misconfiguration | Autocomplete Attribute
Brute Force | Buffer Overflow | Cacheable Sensitive Response
Content Spoofing | Cross Site Request Forgery | Cross Site Scripting
Denial of Service | Directory Indexing | Fingerprinting
Frameable Resource | HTTP Response Splitting | Improper Input Handling
Information Leakage | Insufficient Authentication | Insufficient Authorization
Insufficient Process Validation | Insufficient Transport Layer Protection | LDAP Injection
Mail Command Injection | Missing Secure Headers | OS Command Injection
OS Commanding | Path Traversal | Predictable Resource Location
Remote File Inclusion | Server Misconfiguration | SQL Injection
SSI Injection | URL Redirector Abuse | Vulnerable Library
XML External Entities | XML Injection | XPath Injection
Technical Vulnerabilities Covered by SE - OWASP 2021 Top 10 | |
---|---|
Vulnerabilities | Description
A01 | Broken Access Control
A02 | Cryptographic Failures
A03 | Injection
A04 | Insecure Design
A05 | Security Misconfiguration
A06 | Vulnerable and Outdated Components
A07 | Identification and Authentication Failures
Continuous Dynamic Basic Edition (BE)
Continuous Dynamic BE tests for the following technical vulnerabilities; it does not test for business logic flaws.
Technical - Continuous Dynamic Vulnerability Classes BE | ||
---|---|---|
Abuse of Functionality | Application Code Execution | Autocomplete Attribute
Brute Force | Buffer Overflow | Cacheable Sensitive Response
Content Spoofing | Cross Site Request Forgery | Cross Site Scripting
Denial of Service | Directory Indexing | Fingerprinting
Frameable Resource | HTTP Response Splitting | Improper Input Handling
Information Leakage | Insufficient Authentication | Insufficient Authorization
Insufficient Process Validation | Insufficient Transport Layer Protection | LDAP Injection
Mail Command Injection | Missing Secure Headers | OS Command Injection
OS Commanding | Path Traversal | Predictable Resource Location
Remote File Inclusion | Server Misconfiguration | SQL Injection
SSI Injection | URL Redirector Abuse | Vulnerable Library
XML External Entities | XML Injection | XPath Injection
XQuery Injection | |
Technical Vulnerabilities Covered by BE - OWASP 2021 Top 10 | |
---|---|
Vulnerabilities | Description
A01 | Broken Access Control
A02 | Cryptographic Failures
A03 | Injection
A04 | Insecure Design
A05 | Security Misconfiguration
A06 | Vulnerable and Outdated Components
A07 | Identification and Authentication Failures