Next-generation Dynamic Analysis in a DevSecOps world
There’s life in the old DAST yet – how dynamic analysis is entering a new era of applicability
SPEAKER: Clinton Herget, Field CTO at Snyk
From the earliest days of web applications, the tried-and-true (and somewhat maligned) vulnerability scanning technique has been DAST – Dynamic Application Security Testing. This methodology treats software as a ‘black box’ it attempts to exploit from the outside through automated attacks that reflect real-world threat vectors.
Despite the rise of SAST (Static Application Security Testing, or ‘white box’ analysis of code itself), Software Composition Analysis (SCA) and other techniques, DAST has remained the cornerstone of AppSec practice, and is often required to meet regulatory compliance obligations.
To the software developer, however, DAST is not one of the friendliest forms of security testing. This is because it must be run long after code is written and deployed, and despite a high degree of accuracy, it requires developers to expend significant toil to identify the source of the issue and determine remediation steps. In modern DevSecOps and developer-focused security tools especially, DAST is an outlier in its inability to be integrated with the developer experience.
This need not be the case. Advancements in runtime monitoring, machine learning and the accuracy of other techniques like SAST offer new possibilities for dynamic testing.
Join this Register webinar in which Clinton Herget, Field CTO at Snyk, explains the potential for next-generation DAST practice. In this webinar you will learn about:
The benefits of dynamic analysis – and why most AppSec teams still rely on it.
What makes DAST so difficult to fit inside a modern DevSecOps workflow.
How DAST can be changed to provide a more positive software developer experience.
The possibility that techniques like eBPF can enhance the value of DAST results.
The possibility of true DAST-to-SAST correlation – and what this would mean for the future of AppSec practice.