Security requirements verified with DAST | Fluid Attacks Help

Security requirements verified with DAST

In this page, you can see the security requirements assessed by Fluid Attacks' dynamic application security testing (DAST), differentiating by the technology supported by the scanner.
Idea
Want to run DAST scans on your own? Learn how in DAST scanner configuration file.

APK

Scanner method name
Related security requirement verified
APK_BACKUPS_ENABLED
APK_DEBUGGING_ENABLED
APK_EXPORTED_CP
APK_UNSIGNED
FRAGMENT_INJECTION
IMPROPER_CERTIFICATE_VALIDATION
NOT_VERIFIES_SSL_HOSTNAME
SOCKET_GET_INSECURE
WEBVIEW_VULNS

DNS

Scanner method name
Related security requirement verified
CHECK_DNS_RECORDS

HTTP

Scanner method name
Related security requirement verified
CONTENT_SECURITY_POLICY
DATE
HTTP_ACCESS_CONTROL_ALLOW_METHODS_INSECURE
HTTP_PERMISSIONS_POLICY_HEADER_NOT_PRESENT
HTTP_SERVER_HEADER_LEAKED
HTTP_X_ASPNET_MVC_VERSION_HEADER_LEAKED
HTTP_X_ASPNET_VERSION_HEADER_LEAKED
HTTP_X_BACKEND_SERVER_HEADER_LEAKED
HTTP_X_POWERED_BY_HEADER_LEAKED
HTTP_X_XSS_PROTECTION_ENABLED
LOCATION
REFERRER_POLICY
SET_COOKIE_HTTPONLY
SET_COOKIE_SAMESITE
SET_COOKIE_SECURE
STRICT_TRANSPORT_SECURITY
SUB_RESOURCE_INTEGRITY
UPGRADE_INSEC_REQ
VIEW_STATE
WWW_AUTHENTICATE
X_CONTENT_TYPE_OPTIONS

SSL

Scanner method name
Related security requirement verified
CBC_ENABLED
FALLBACK_SCSV_DISABLED
FREAK_POSSIBLE
HEARTBLEED_POSSIBLE
PFS_DISABLED
SSL_CERTIFICATE_EXPIRED266. Disable insecure functionalities
SSL_SELF_SIGNED_CERTIFICATE
SSLV3_ENABLED
TLSV1_1_ENABLED
TLSV1_2_OR_HIGHER_DISABLED
TLSV1_3_DOWNGRADE
TLSV1_ENABLED
WEAK_CIPHERS_ALLOWED

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.