Continuous Dynamic DAST Vulnerability Classes

Continuous Dynamic Premium Edition (PE)

Continuous Dynamic PE includes testing for both technical and business logic vulnerabilities. Black Duck’s Threat Research Center (TRC) performs custom testing to identify business logic flaws. The TRC engineers who uncover these vulnerabilities are technical experts who understand account structures, contextual logic, and similar characteristics of the web application under test.

Technical - Continuous Dynamic DAST Vulnerability Classes PE

Application Code Execution

Application Misconfiguration

Autocomplete Attribute

Brute Force

Buffer Overflow

Cacheable Sensitive Response

Clickjacking

Content Spoofing

Cross Site Request Forgery

Cross Site Scripting

Denial of Service

Directory Indexing

Fingerprinting

Frameable Resource

HTTP Response Splitting

Improper Input Handling

Information Leakage

Insecure Indexing

Insufficient Anti-automation

Insufficient Authentication

Insufficient Authorization

Insufficient Password Policy Implementation

Insufficient Password Recovery

Insufficient Process Validation

Insufficient Session Expiration

Insufficient Transport Layer Protection

LDAP Injection

Mail Command Injection

Missing Secure Headers

Non-HttpOnly Session Cookie

OS Command Injection

OS Commanding

Path Traversal

Predictable Resource Location

Query Language Injection

Remote File Inclusion

Routing Detour

Server Misconfiguration

Session Fixation

Session Prediction

SQL Injection

SSI Injection

Unsecured Session Cookie

URL Redirector Abuse

Vulnerable Library

XML External Entities

XML Injection

XPath Injection
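Several of the classes above (Missing Secure Headers, Frameable Resource, Non-HttpOnly Session Cookie, Unsecured Session Cookie and Cacheable Sensitive Response) are passive findings: a scanner derives them from a single HTTP response without sending attack payloads. The following check is an added illustration of what those classes mean in practice; it is not Black Duck code and says nothing about how Continuous Dynamic actually implements them. The sample responses, the session-cookie name list and the "no-store required" rule for sensitive pages are assumptions made here.

```python
"""Passive response-header checks for five vulnerability classes named above.

Added illustration, not Black Duck code. The detection rules below are
common-sense heuristics chosen for this example; a real scanner may differ.
"""

# Constructed sample: a login response with typical weak headers.
WEAK_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/"),
    ("Cache-Control", "public, max-age=3600"),
]

# Constructed sample: the same response after hardening.
HARDENED_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Cache-Control", "no-store"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Content-Type-Options", "nosniff"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
]

# Assumed list of cookie names treated as session identifiers.
SESSION_COOKIE_NAMES = {"jsessionid", "phpsessid", "asp.net_sessionid", "sessionid", "session"}


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie header."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def check_response(headers, is_https=True, sensitive=True):
    """Return a list of (vulnerability class, detail) findings for one response.

    headers:   list of (name, value) pairs, so repeated Set-Cookie headers survive.
    is_https:  whether the response was served over TLS (HSTS and Secure only apply then).
    sensitive: whether the page carries data that must not land in a shared cache.
    """
    present = {}
    cookies = []
    for name, value in headers:
        key = name.lower()
        if key == "set-cookie":
            cookies.append(parse_set_cookie(value))
        else:
            present[key] = value

    findings = []

    # Frameable Resource: no framing restriction at all.
    csp = present.get("content-security-policy", "")
    if "x-frame-options" not in present and "frame-ancestors" not in csp.lower():
        findings.append(("Frameable Resource", "no X-Frame-Options and no CSP frame-ancestors"))

    # Missing Secure Headers: one finding per absent header.
    if "x-content-type-options" not in present:
        findings.append(("Missing Secure Headers", "X-Content-Type-Options"))
    if not csp:
        findings.append(("Missing Secure Headers", "Content-Security-Policy"))
    if is_https and "strict-transport-security" not in present:
        findings.append(("Missing Secure Headers", "Strict-Transport-Security"))

    # Session cookie flags: only cookies whose name marks them as session identifiers.
    for cname, attrs in cookies:
        if cname.lower() in SESSION_COOKIE_NAMES:
            if "httponly" not in attrs:
                findings.append(("Non-HttpOnly Session Cookie", cname))
            if is_https and "secure" not in attrs:
                findings.append(("Unsecured Session Cookie", cname))

    # Cacheable Sensitive Response: assumed rule is that sensitive pages need no-store.
    if sensitive:
        cc = present.get("cache-control", "").lower()
        directives = {d.strip() for d in cc.split(",")}
        if "no-store" not in directives:
            findings.append(("Cacheable Sensitive Response", f"Cache-Control: {cc or '(absent)'}"))

    return findings


if __name__ == "__main__":
    for cls, detail in check_response(WEAK_HEADERS):
        print(f"{cls}: {detail}")
    print("hardened findings:", check_response(HARDENED_HEADERS))
```

Run against WEAK_HEADERS the check reports all five classes (seven findings, since three secure headers are missing); against HARDENED_HEADERS it reports none. Passing is_https=False drops the HSTS and Secure-flag findings, which is why a scanner needs to know the scheme it observed rather than guessing from the headers alone.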

Technical Vulnerabilities Covered by PE - OWASP 2021 Top 10

Vulnerabilities   Description
A01               Broken Access Control
A02               Cryptographic Failures
A03               Injection
A04               Insecure Design
A05               Security Misconfiguration
A06               Vulnerable and Outdated Components
A07               Identification and Authentication Failures
A08               Software and Data Integrity Failures

Business Logic Flaws - Continuous Dynamic Vulnerability Classes

Abuse of Functionality

Insecure Indexing

Insufficient Process Validation

Brute Force

Insufficient Anti-Automation

Insufficient Session Expiration

Credential/Session Prediction

Insufficient Authentication

Session Fixation

Cross-Site Request Forgery

Insufficient Authorization

Denial of Service

Insufficient Password Recovery

Continuous Dynamic Standard Edition (SE)

Continuous Dynamic SE tests for the following technical vulnerabilities; it does not test for business logic flaws.

Technical - Continuous Dynamic Vulnerability Classes SE

Abuse of Functionality

Application Misconfiguration

Autocomplete Attribute

Brute Force

Buffer Overflow

Cacheable Sensitive Response

Content Spoofing

Cross Site Request Forgery

Cross Site Scripting

Denial of Service

Directory Indexing

Fingerprinting

Frameable Resource

HTTP Response Splitting

Improper Input Handling

Information Leakage

Insufficient Authentication

Insufficient Authorization

Insufficient Process Validation

Insufficient Transport Layer Protection

LDAP Injection

Mail Command Injection

Missing Secure Headers

OS Command Injection

OS Commanding

Path Traversal

Predictable Resource Location

Remote File Inclusion

Server Misconfiguration

SQL Injection

SSI Injection

URL Redirector Abuse

Vulnerable Library

XML External Entities

XML Injection

XPath Injection

Technical Vulnerabilities Covered by SE - OWASP 2021 Top 10

Vulnerabilities   Description
A01               Broken Access Control
A02               Cryptographic Failures
A03               Injection
A04               Insecure Design
A05               Security Misconfiguration
A06               Vulnerable and Outdated Components
A07               Identification and Authentication Failures

Continuous Dynamic Basic Edition (BE)

Continuous Dynamic BE tests for the following technical vulnerabilities; it does not test for business logic flaws.

Technical - Continuous Dynamic Vulnerability Classes BE

Abuse of Functionality

Application Code Execution

Autocomplete Attribute

Brute Force

Buffer Overflow

Cacheable Sensitive Response

Content Spoofing

Cross Site Request Forgery

Cross Site Scripting

Denial of Service

Directory Indexing

Fingerprinting

Frameable Resource

HTTP Response Splitting

Improper Input Handling

Information Leakage

Insufficient Authentication

Insufficient Authorization

Insufficient Process Validation

Insufficient Transport Layer Protection

LDAP Injection

Mail Command Injection

Missing Secure Headers

OS Command Injection

OS Commanding

Path Traversal

Predictable Resource Location

Remote File Inclusion

Server Misconfiguration

SQL Injection

SSI Injection

URL Redirector Abuse

Vulnerable Library

XML External Entities

XML Injection

XPath Injection

XQuery Injection

Technical Vulnerabilities Covered by BE - OWASP 2021 Top 10

Vulnerabilities   Description
A01               Broken Access Control
A02               Cryptographic Failures
A03               Injection
A04               Insecure Design
A05               Security Misconfiguration
A06               Vulnerable and Outdated Components
A07               Identification and Authentication Failures