https://github.com/astteam/dast

《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.
https://github.com/astteam/dast

0e0w dast

Last synced: 4 months ago
JSON representation

《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.

• Host: GitHub
• URL: https://github.com/astteam/dast
• Owner: ASTTeam
• Created: 2022-01-17T15:03:13.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2022-10-29T01:37:40.000Z (over 2 years ago)
• Last Synced: 2025-01-03T08:47:35.020Z (5 months ago)
• Topics: 0e0w, dast
• Homepage:
• Size: 4.88 KB
• Stars: 49
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# 《深入理解DAST动态应用程序安全测试》

![DAST](https://socialify.git.ci/ASTTeam/DAST/image?description=1&font=Inter&forks=1&issues=1&name=1&owner=1&pattern=Floating%20Cogs&pulls=1&stargazers=1&theme=Light)

DAST在安全测试领域相当重要，不仅是发现漏洞的有效方法，也是发现漏洞的最直接方法。尽管DAST有时弊病百出，比如效果严重依赖有技术壁垒的爬虫技术、会产生大量的脏数据、特定漏洞无法检测等诸多问题。但DAST的出现直接推动了安全漏洞的出现。下一代DAST必然会因为成本较低而继续发展壮大！作者：[0e0w](https://github.com/0e0w)

本项目创建于2022年1月17日，最近的一次更新时间为2022年10月28日。

- [01-DAST资源](https://github.com/ASTTeam/DAST#01-dast%E8%B5%84%E6%BA%90)

- [02-DAST工具](https://github.com/ASTTeam/DAST#02-dast%E5%B7%A5%E5%85%B7)

- [03-DAST原理](https://github.com/ASTTeam/DAST#03-dast%E5%8E%9F%E7%90%86)

- [04-DAST开发](https://github.com/ASTTeam/DAST#04-dast%E5%BC%80%E5%8F%91)

- [05-DAST未来](https://github.com/ASTTeam/DAST#05-dast%E6%9C%AA%E6%9D%A5)

- [06-DAST参考](https://github.com/ASTTeam/DAST#06-dast%E5%8F%82%E8%80%83)

## 01-DAST资源

一、书籍资源

二、学术论文

三、视频资源

四、优秀资源

五、英文资源

六、其他资源

- [ ] https://github.com/banzaicloud/dast-operator

- [ ] https://github.com/analysis-tools-dev/dynamic-analysis

- [ ] https://github.com/zaproxy/action-full-scan

- [ ] https://github.com/probr/probr-core

- [ ] https://github.com/yufei1900/DAST_segmentation

- [ ] https://github.com/jacksingleton/dast-pipeline

- [ ] https://github.com/zaproxy/zaproxy

- [ ] https://github.com/we45/ThreatPlaybook

- [ ] https://github.com/probr/probr-core

- [ ] https://github.com/Yelp/fuzz-lightyear

- [ ] https://github.com/secdec/attack-surface-detector-zap

- [ ] https://github.com/yufei1900/DAST_segmentation

- [ ] https://github.com/mvnnn/DAStudentWeb

- [ ] https://github.com/tristanlatr/burpa

- [ ] https://github.com/crashtest-security/github-action

- [ ] https://github.com/julietavuan/dast

- [ ] https://github.com/MettupalliInc/DAST

## 02-DAST工具

一、优秀工具

- AWVS

- NESSUS

- Xray

- BurpSuite

- https://www.zaproxy.org

二、开源工具

三、商业产品

四、其他工具

- https://github.com/Hypdncy/NessusToReport

- https://github.com/analysis-tools-dev/dynamic-analysis

## 03-DAST原理

一、DAST基础

二、DAST分类

- 主动扫描

- 被动扫描

  - https://github.com/0e0w/PassivesScan

## 04-DAST开发

- 如何开发一款优秀的DAST工具？

## 05-DAST未来

- 什么样的DAST是未来有竞争力的产品？

## 06-DAST参考

- http://github.com/Goqi

[![Stargazers over time](https://starchart.cc//ASTTeam/DAST.svg)](https://starchart.cc/ASTTeam/DAST)