Free: Dastardly from Burp Suite
2022-10-27 21:03:30 Author: portswigger.net

Matt Atkinson | 27 October 2022 at 13:03 UTC

Dastardly, from Burp Suite

Introducing Dastardly - a free, lightweight web application security scanner for your CI/CD pipeline, from the makers of Burp Suite.

Secure web development ain't easy

Ensuring your code is written securely can be a bit of a headache. Most of us know about the risks of SQL injection by now, but what about vulnerabilities like Cross-site scripting (XSS) or CORS misconfigurations?

There are hundreds of static code analysis (SAST) tools around, but many are prone to noise - distracting you with a seemingly endless stream of false positives. In short, these tools often end up being ignored.

Dastardly is different

Dastardly's scanner produces very little noise, thanks to its dynamic (DAST) methodology. It looks at your application from the outside in - just like a real attacker. So if it sees a vulnerability, you can be pretty sure it's real. And to do this, it uses a stripped-down version of the scanner used by Burp Suite - the world's leading toolkit for web security testing.

In the past, dynamic analysis has been difficult to fit into CI/CD - being slower than static analysis. But Dastardly scans complete in ten minutes or less - giving you fast feedback on seven security issues you should be aware of. This gives you the ability to fix actual security issues there and then, without any painful context-switching or false positives.

Get scanning!

That's really all there is to it - Dastardly is fast, accurate, and completely free of charge.

And we've made it easy to get it running in your CI/CD pipeline. Check out the Dastardly documentation for more details.

Like what you see? Follow us on Twitter for all the latest Dastardly / Burp Suite news.

Matt Atkinson


Article source: https://portswigger.net/blog/free-dastardly-from-burp-suite