DAST Profile Modification
| ID | dast_profile_modification |
|---|---|
| Severity | critical |
| Resource | Organization |

Impact
Dynamic Application Security Testing (DAST) configuration settings are critical for identifying security vulnerabilities in your web applications. Unauthorized changes to the DAST configuration can potentially disrupt or compromise the security testing process and lead to various security risks:
- Misconfigured Scans: Unauthorized changes to DAST configuration can result in scans that are misconfigured, leading to incomplete or ineffective security testing. This can leave vulnerabilities undiscovered.
- Security Blind Spots: An attacker might modify the DAST configuration to skip certain URLs or endpoints, intentionally avoiding security testing on vulnerable parts of the application.
- Security Testing Disruption: Unauthorized changes to DAST configurations can lead to disruptions in security testing processes, causing delays in vulnerability identification and remediation.