Syhunt Hybrid Optimization

Dealing With Lengthy DAST Scans

Scanning a website that contains a substantial amount of dynamically generated content with Syhunt Dynamic can sometimes become a very time-consuming task. This is not due to a bug or limitation of Syhunt, but exactly the opposite: Syhunt Dynamic does not seek to limit how deep it can go when mapping a website's structure and its entry points, since the goal is always to fully test the target website for vulnerabilities and weaknesses. But sometimes such websites are extremely extensive and generate an infinite number of links. This often becomes a problem for the tester when the scan must be completed in a timely manner.

Despite the challenge described above, we consider that DAST scans against websites that heavily serve dynamic content should take a maximum of 3 hours. For this reason, Syhunt Dynamic comes with an incremental scan capability that reduces scan time and with a large number of rules that accelerate scans against such websites. Every week, Syhunt adds new rules that ship with new Syhunt updates. When these built-in rules are not enough to guarantee a timely scan of a specific website, a Syhunt expert, at the client's request, analyzes the client's website and adds new customized rules to the tool.

We call this process DAST Optimization, and it usually takes just a few hours to perform. During this process, Syhunt adds new rules that accelerate the mapping and guide the tool toward the relevant areas and entry points of the website, avoiding redundant dynamic content and thus solving the lengthy scan. When Syhunt performs a DAST optimization, no attacks are performed against the target website, so there are no risks to its integrity or availability. After the optimization is finished, a new Syhunt release containing the newly added rules is made available.
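To show what "avoiding redundant dynamic content" means in practice, here is an added Python example (not Syhunt's rule format or code) that groups discovered URLs by structural signature and visits only a few per group. The signature heuristic, the per-signature limit and the sample URLs are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Path segments that look generated: numeric IDs, long hex tokens, ISO dates.
_DYNAMIC_SEGMENT = re.compile(r"^(\d+|[0-9a-f]{16,}|\d{4}-\d{2}-\d{2})$", re.I)

def signature(url):
    """Collapse a URL to its structure: host, path shape, sorted parameter names."""
    parts = urlsplit(url)
    segments = ["{dyn}" if _DYNAMIC_SEGMENT.match(s) else s
                for s in parts.path.split("/") if s]
    # Parameter values are ignored: the parameter names define the entry point.
    names = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
    return f"{parts.netloc.lower()}/{'/'.join(segments)}?{'&'.join(names)}"

def plan_crawl(urls, per_signature_limit=2):
    """Return (urls_to_visit, skipped_count_by_signature)."""
    seen = defaultdict(int)
    keep, skipped = [], defaultdict(int)
    for url in urls:
        sig = signature(url)
        seen[sig] += 1
        if seen[sig] <= per_signature_limit:
            keep.append(url)      # still a new enough view of this entry point
        else:
            skipped[sig] += 1     # same page shape and parameters: redundant
    return keep, dict(skipped)

# Constructed sample: a calendar and a product listing that generate endless links.
SAMPLE_URLS = (
    [f"https://shop.example/calendar/2024-01-{d:02d}?view=day" for d in range(1, 11)]
    + [f"https://shop.example/product/{i}?ref=list&page={i}" for i in range(1, 6)]
    + ["https://shop.example/login", "https://shop.example/search?q=a"]
)

if __name__ == "__main__":
    keep, skipped = plan_crawl(SAMPLE_URLS)
    print(f"{len(SAMPLE_URLS)} discovered, {len(keep)} to visit")
    for sig, n in sorted(skipped.items(), key=lambda kv: -kv[1]):
        print(f"  skipped {n:3d}  {sig}")
```

The signatures with the highest skipped counts are the URL families worth listing in an optimization request.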

Create a support ticket and list the target URLs that need DAST optimization.

Complementary Security Testing Methodologies

Syhunt also recommends performing SAST as a complement to DAST, especially against the source code of websites that serve heavily dynamic content. This can be done with Syhunt Code.

Contact