Active scanning attempts to discover potential vulnerabilities by using known attacks against the selected targets. It can discover vulnerabilities, but those like broken access control will not be found by any active or automated vulnerability scanning.
Nemasis - DAST's spider is a tool used to automatically discover new resources (URLs) on a specific site. It starts with a list of URLs to visit, called the seeds, which depends on how the Spider is started.
Nemasis - DAST passively scans all HTTP messages (requests and responses) sent to the web applications and is safe to use since it does not change the requests or responses. This is performed in a background thread to guarantee that it doesn't slow down the analysis of an application.
Nemasis lets you fast-track compliance assessments of web applications and infrastructure according to industry standards and best practices such as Payment Card Industry (PCI), General Data Protection Regulation (GDPR), OWASP 2017, OWASP 2013, SANS Top 25, and many more.
Nemasis - DAST includes features that allow you to perform an audit scan and provides analysis, corrective suggestions, and solutions for various services such as WHOIS, SEO Analytics, Domain security posture, Malware Check, MongoDB security audit, SSL security configuration, and Domain
Nemasis - DAST provides detailed reports of all the vulnerabilities found in the web applications, which include WASC ID, CWE, and many more. The reports generated are real-time and in HTML format. Nemasis DAST provides three types of reports, namely, Nemasis-DAST Report, OWASP 2017, and OWASP 2013, that include the recommended remediation for the vulnerabilities found.