Dynamic Application Security Testing (DAST) Performance Optimization: Strategies for Reducing False Positives and Negatives
Description
This paper examines the critical issues affecting DAST tools, chief among them the high rate of false positives that undermines the effectiveness of security evaluations. Although DAST is a significant asset for discovering weaknesses in applications while they are running, the large number of false positives burdens security specialists, wastes time and money, and can cause actual risks to go unrecognized. The paper outlines the main causes of false positives in DAST, which include improper scanning settings, dynamic content changes and the general nature of heuristic-based detection. It also presents recommendations for preventing these problems, among them combining DAST and SAST testing strategies and integrating machine learning techniques to improve the detection rate. The results point to the necessity of expanding the range of methodological tools and developing new technologies in DAST to form a more stable security environment. By addressing these challenges, organizations will find it easier to fashion better security strategies and maximize resource utilization in application security.
Files
EJAET-11-9-111-116.pdf (393.8 kB)
md5:2752bc28b364fe26190b769f12dc906a