Nemasis - Dynamic Application Security Test

Nemasis - Dynamic Application Security Test

Detecting what software is running on the client (browser) is much easier than detecting what is running on the server. Nemasis - DAST uses Passive Scanning and Active Scanning modes to identify the vulnerabilities.

Nemasis provides the right coverage across the entire vulnerability management life cycle.

  • Scanners are built with a crawl and attack architecture.
  • Scans for hidden and other exploitable vulnerabilities (XSS, SQL injection, and others as per OWASP Top 10).
  • Comprehensive application coverage and sophisticated attack methodologies.
  • Compatible with web applications built on PHP, ASP, Java, or any other language.
  • Internal and external web applications scanning.
  • Low False Positive
  • Identifies configuration issues

Vulnerability Assessment is the oxygen of the modern age.
To breathe free try Nemasis

Know more
Nemasis DAST features

Website promote you 24/7, you need to secure it

Active/Attack Scanning/Intrusive Scan

Active scanning endeavors to discover potential vulnerabilities by using known attacks against the selected targets. It can discover vulnerabilities like broken access control; will not be found by any active or automated vulnerability scanning.



Nemasis - DAST's spider is a tool that is used to automatically discover new resources (URLs) on a specific site. It starts with a list of URLs to visit, called the seeds, which depends on how the Spider is started.


Passive Scaning/Non-Intrusive Scan

Nemasis - DAST passively scans all HTTP messages (requests and responses) sent to the web applications and is safe to use since it does not change the requests or responses. This is performed in a background thread to guarantee that it doesn't back off the analysis of an application.


Compliance and Configuration Assessment

Nemasis allows fast-track the compliance assessments of web applications and infrastructure according to industry standard and best practices such as Payment Card Industry (PCI), General Data Protection Regulation (GDPR), OWASP 2017, OWASP 2013, SANS Top 25, and many more.



Nemasis - DAST includes features that allow to perform an audit scan
and provides with analysis, corrective suggestions, and solutions for various services such as, WHOIS, SEO Analytics, Domain security posture, Malware Check, MongoDB security audit,
SSL security configuration, and Domain
BlackList status.



Nemasis - DAST provides detailed reports of all the vulnerabilities found in the web applications, which includes WASC ID, CWE, and many more. The reports generated are real-time and is in HTML format. Nemasis DAST provides three types of reports, namely, Nemasis-DAST Report, OWASP 2017, and OWASP 2013 that includes the recommended remediation for the vulnerabilities found


Passive Mode Scanning

  • CSRF Tokens
  • Cookie Poisoning
  • Information Disclosure
  • Private IP disclosure
  • Cross-Domain Misconfiguration


Attack/Active Mode Scanning

  • Server Side Include Attacks
  • Cross Site Scripting
  • CRLF injection, SQL Injection
  • Directory Browsing/Traversal
  • Parameter Tampering


Minimum system requirements

ISO can be installed on following virtual environments

  • VMware
  • Microsoft Hyper-V
  • Oracle Virtual Box

Appliance details/Minimum system

  • 2 CPUs
  • 8 GB RAM
  • 50 GB HDD

Copyright 2022 MicroWorld Technologies Inc. - Nemasis VMS