SAST (Static Application Security Testing): The source code, byte code and application binaries are tested for vulnerabilities from the inside out. The SAST tool scans the whole application against query patterns associated with known vulnerability classes and checks whether the application handles each request properly. Through this process, SAST will often find issues such as buffer overflows and memory leaks, along with more complex vulnerabilities such as SQL injection and cross-site scripting.
DAST (Dynamic Application Security Testing): DAST is considered a black-box method. It analyses the application in real time while it is running. The tester is given no access to, or knowledge of, the inner workings of the application before testing begins and attempts to exploit any potential vulnerabilities in the way a malicious attacker would. Essentially, this method looks from the outside in, simulating attacks against the application and analysing how the application behaves.
HAST (Hybrid Application Security Testing): The combination of SAST and DAST is referred to as HAST. Some vulnerabilities can be found only with SAST, others only with DAST. Testing an application with only one form of tool leaves residual risk, so applications should be tested with both techniques to achieve the most comprehensive coverage.
The report that Recon provided us with was very useful. Although we haven't acted on it yet, we do appreciate your efforts in compiling this report. We are looking to have a long and strong relationship with Recon.
I would like to convey our sincere thanks to Recon for your kind support in carrying out the cyber audit of the HAMRAAZ IT infrastructure, which enabled its smooth, uninterrupted and secure functioning on the NIC cloud. With your constant security guidelines, the application is successfully providing the intended services to serving soldiers of the Indian Army.