Banking on Dev-Centric DAST: How Bright’s Solution Helped a Leading Bank Detect Vulnerabilities in APIs

Table of Contents:

1. Introduction

2. Background

3. Solution

4. Results

5. Conclusion

Introduction

Bright’s Dynamic Application Security Testing (DAST) solution has been implemented by a large financial institution to scan its APIs for vulnerabilities. The company uses Bright’s DAST scanner extensively across all common API formats, including REST, SOAP, and GraphQL. Additionally, Bright’s DAST solution lets the company scan APIs from Postman Collections or a Swagger file; the scanner parses these definitions to build a detailed attack surface of the API endpoints, their methods, and their parameters. Using Bright’s DAST solution, the company can now detect a broad set of vulnerabilities early in the SDLC, before they are released to production.
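An added example of the parsing step described above (not Bright’s code): a constructed OpenAPI 3 document, with a hypothetical `api.example.test` host, is flattened into one scan target per operation, with its inputs listed and operations whose security requirements are empty flagged as unauthenticated surface.

```python
import json

# Constructed sample OpenAPI 3 document (not from the case study); host is hypothetical.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.0",
  "servers": [{"url": "https://api.example.test/v1"}],
  "security": [{"bearerAuth": []}],
  "paths": {
    "/accounts/{accountId}": {
      "parameters": [{"name": "accountId", "in": "path", "required": true}],
      "get": {"operationId": "getAccount", "parameters": [{"name": "fields", "in": "query"}]},
      "delete": {"operationId": "deleteAccount"}
    },
    "/transfers": {
      "post": {"operationId": "createTransfer", "requestBody": {"content": {"application/json": {}}}}
    },
    "/health": {"get": {"operationId": "health", "security": []}}
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}


def enumerate_attack_surface(spec):
    """Flatten an OpenAPI document into one record per (method, path) operation."""
    base = spec.get("servers", [{"url": ""}])[0]["url"]
    global_security = spec.get("security", [])
    surface = []
    for path, item in spec.get("paths", {}).items():
        shared_params = item.get("parameters", [])  # apply to every method on the path
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skip "parameters", "summary", etc.
                continue
            params = shared_params + op.get("parameters", [])
            # An operation-level "security" key overrides the document default;
            # an explicit empty list means the operation requires no authentication.
            security = op.get("security", global_security)
            surface.append({
                "method": method.upper(),
                "url": base + path,
                "inputs": [f"{p['in']}:{p['name']}" for p in params]
                          + (["body:json"] if "requestBody" in op else []),
                "authenticated": bool(security),
            })
    return surface


def unauthenticated_operations(surface):
    """Operations a scanner can reach without credentials; review these first."""
    return [f"{s['method']} {s['url']}" for s in surface if not s["authenticated"]]
```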

Background

The banking industry is highly regulated and constantly under the scrutiny of various regulatory bodies. To ensure compliance with regulatory requirements, the company has invested heavily in application security testing. However, traditional application security testing methods, such as manual testing, static analysis, and legacy DAST, were not sufficient to meet the increasing demands of the business. The company needed a solution that would enable it to identify vulnerabilities early in the development lifecycle and minimize the risk of security breaches.

Solution

The company selected Bright’s DAST solution to address its application security testing needs. The solution provides comprehensive scanning capabilities for all common API formats, including REST, SOAP, and GraphQL APIs. It also supports scanning APIs from Postman Collections or a Swagger file, which are parsed to define an optimized attack surface for the company’s API endpoints.


Results

Since implementing Bright’s DAST solution, the company has been able to detect dozens of vulnerabilities each month before releasing to production. The solution has proven effective in scanning all common API formats, including REST, SOAP, and GraphQL APIs. The ability to scan APIs from Postman Collections or a Swagger file has enabled the company to define an optimized attack surface for its API endpoints.


Conclusion

Bright’s DAST solution has enabled a leading global financial institution to detect dozens of vulnerabilities early in the SDLC, before releasing to production. The solution provides comprehensive scanning capabilities for all common API formats, including REST, SOAP, and GraphQL APIs. It also supports scanning APIs from Postman Collections or a Swagger file, which are parsed to define an optimized attack surface for the company’s API endpoints. The company has found the solution easy to use and appreciates the flexibility it provides. The Bright team has been supportive throughout the implementation process, and the company is happy with the results.