| CARVIEW |
Select Language
HTTP/2 301
x-vhost: blackduck
content-security-policy: default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' data: blob: edge.adobedc.net adobedc.demdex.net *.adobe.com *.adobe.io cdn.cookielaw.org assets.adobedtm.com kit.fontawesome.com ka-p.fontawesome.com munchkin.marketo.net adobedc.demdex.net snap.licdn.com *.drift.com js.driftt.com js.zi-scripts.com j.6sc.co geolocation.onetrust.com ipv6.6sc.co c.6sc.co b.6sc.co epsilon.6sense.com px.ads.linkedin.com static.cloud.coveo.com boards.greenhouse.io *.mktoresp.com ws.zoominfo.com job-boards.greenhouse.io api.company-target.com *.org.coveo.com synopsysnonproduction2yln023as.analytics.org.coveo.com *.brighttalk.com brighttalk.com js.zi-scripts.com *.blackduck.com blackduck.com players.brightcove.net *.brightcove.com manifest.prod.boltdns.net *.brightcovecdn.com googletagmanager.com *.googletagmanager.com *.google.com *.google.ca *.google.co.uk google.co.in google.com *.google-analytics.com google-analytics.com googleads.g.doubleclick.net td.doubleclick.net *.googleapis.com *.gstatic.com *.leadspace.com *.clarity.ms *.bing.com *.bing.net *.bing-int.com *.6sc.co *.6sense.co 846-esg-342.mktoutil.com *.youtube.com;
location: https://www-dev.blackduck.com/services/penetration-testing
cache-control: max-age=300
expires: Sun, 12 Oct 2025 07:56:15 GMT
content-type: text/html; charset=iso-8859-1
accept-ranges: bytes
age: 0
date: Sun, 12 Oct 2025 07:51:15 GMT
strict-transport-security: max-age=31557600
set-cookie: affinity="6f430d7b187d4459"; Path=/; HttpOnly; secure
x-served-by: cache-bom-vanm7210084-BOM
x-cache: MISS
x-timer: S1760255474.179693,VS0,VS0,VE933
content-length: 266
HTTP/2 301
x-vhost: blackduck
content-security-policy: default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' data: blob: edge.adobedc.net adobedc.demdex.net *.adobe.com *.adobe.io cdn.cookielaw.org assets.adobedtm.com kit.fontawesome.com ka-p.fontawesome.com munchkin.marketo.net adobedc.demdex.net snap.licdn.com *.drift.com js.driftt.com js.zi-scripts.com j.6sc.co geolocation.onetrust.com ipv6.6sc.co c.6sc.co b.6sc.co epsilon.6sense.com px.ads.linkedin.com static.cloud.coveo.com boards.greenhouse.io *.mktoresp.com ws.zoominfo.com job-boards.greenhouse.io api.company-target.com *.org.coveo.com synopsysnonproduction2yln023as.analytics.org.coveo.com *.brighttalk.com brighttalk.com js.zi-scripts.com *.blackduck.com blackduck.com players.brightcove.net *.brightcove.com manifest.prod.boltdns.net *.brightcovecdn.com googletagmanager.com *.googletagmanager.com *.google.com *.google.ca *.google.co.uk google.co.in google.com *.google-analytics.com google-analytics.com googleads.g.doubleclick.net td.doubleclick.net *.googleapis.com *.gstatic.com *.leadspace.com *.clarity.ms *.bing.com *.bing.net *.bing-int.com *.6sc.co *.6sense.co 846-esg-342.mktoutil.com *.youtube.com;
location: https://www-dev.blackduck.com/services/penetration-testing.html
cache-control: max-age=300
expires: Sun, 12 Oct 2025 07:56:15 GMT
content-type: text/html; charset=iso-8859-1
accept-ranges: bytes
age: 0
date: Sun, 12 Oct 2025 07:51:16 GMT
strict-transport-security: max-age=31557600
x-served-by: cache-bom-vanm7210084-BOM
x-cache: MISS
x-timer: S1760255475.125621,VS0,VS0,VE932
content-length: 271
HTTP/2 301
x-vhost: blackduck
content-security-policy: default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' data: blob: edge.adobedc.net adobedc.demdex.net *.adobe.com *.adobe.io cdn.cookielaw.org assets.adobedtm.com kit.fontawesome.com ka-p.fontawesome.com munchkin.marketo.net adobedc.demdex.net snap.licdn.com *.drift.com js.driftt.com js.zi-scripts.com j.6sc.co geolocation.onetrust.com ipv6.6sc.co c.6sc.co b.6sc.co epsilon.6sense.com px.ads.linkedin.com static.cloud.coveo.com boards.greenhouse.io *.mktoresp.com ws.zoominfo.com job-boards.greenhouse.io api.company-target.com *.org.coveo.com synopsysnonproduction2yln023as.analytics.org.coveo.com *.brighttalk.com brighttalk.com js.zi-scripts.com *.blackduck.com blackduck.com players.brightcove.net *.brightcove.com manifest.prod.boltdns.net *.brightcovecdn.com googletagmanager.com *.googletagmanager.com *.google.com *.google.ca *.google.co.uk google.co.in google.com *.google-analytics.com google-analytics.com googleads.g.doubleclick.net td.doubleclick.net *.googleapis.com *.gstatic.com *.leadspace.com *.clarity.ms *.bing.com *.bing.net *.bing-int.com *.6sc.co *.6sense.co 846-esg-342.mktoutil.com *.youtube.com;
location: https://www-dev.blackduck.com/dast.html
cache-control: max-age=300
expires: Sun, 12 Oct 2025 07:56:16 GMT
content-type: text/html; charset=iso-8859-1
accept-ranges: bytes
age: 0
date: Sun, 12 Oct 2025 07:51:17 GMT
strict-transport-security: max-age=31557600
x-served-by: cache-bom-vanm7210084-BOM
x-cache: MISS
x-timer: S1760255476.070690,VS0,VS0,VE931
content-length: 247
HTTP/2 200
x-vhost: blackduck
content-security-policy: default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' data: blob: edge.adobedc.net adobedc.demdex.net *.adobe.com *.adobe.io cdn.cookielaw.org assets.adobedtm.com kit.fontawesome.com ka-p.fontawesome.com munchkin.marketo.net adobedc.demdex.net snap.licdn.com *.drift.com js.driftt.com js.zi-scripts.com j.6sc.co geolocation.onetrust.com ipv6.6sc.co c.6sc.co b.6sc.co epsilon.6sense.com px.ads.linkedin.com static.cloud.coveo.com boards.greenhouse.io *.mktoresp.com ws.zoominfo.com job-boards.greenhouse.io api.company-target.com *.org.coveo.com synopsysnonproduction2yln023as.analytics.org.coveo.com *.brighttalk.com brighttalk.com js.zi-scripts.com *.blackduck.com blackduck.com players.brightcove.net *.brightcove.com manifest.prod.boltdns.net *.brightcovecdn.com googletagmanager.com *.googletagmanager.com *.google.com *.google.ca *.google.co.uk google.co.in google.com *.google-analytics.com google-analytics.com googleads.g.doubleclick.net td.doubleclick.net *.googleapis.com *.gstatic.com *.leadspace.com *.clarity.ms *.bing.com *.bing.net *.bing-int.com *.6sc.co *.6sense.co 846-esg-342.mktoutil.com *.youtube.com;
cache-control: max-age=300
expires: Sun, 12 Oct 2025 07:56:17 GMT
content-encoding: gzip
x-frame-options: SAMEORIGIN
content-type: text/html;charset=utf-8
x-content-type-options: nosniff
accept-ranges: bytes
age: 0
date: Sun, 12 Oct 2025 07:51:19 GMT
strict-transport-security: max-age=31557600
x-served-by: cache-bom-vanm7210084-BOM
x-cache: MISS
x-timer: S1760255477.014809,VS0,VS0,VE2015
vary: Accept-Encoding,User-Agent
content-length: 25106
Dynamic Application Security Testing (DAST) Tools & Solutions | Black Duck
Dynamic Application Security Testing Solutions
Verify the security of APIs and web applications in both QA and production.
Black Duck dynamic application security testing (DAST) solutions identify vulnerabilities in APIs and web applications before and after deployment, helping ensure that you find security issues before hackers do.
Test before and after deployment
With Black Duck, you can integrate DAST into your DevOps pipelines to fix security issues before you deploy, and continuously verify the security of applications in production.
Optimize DAST for modern apps
Black Duck DAST solutions are purpose-built to efficiently test single-page applications, JavaScript-heavy sites, APIs, and microservices at scale.
Focus on findings that matter
Polaris fAST Dynamic eliminates tests that distract developers with low-quality findings, while Black Duck® Continuous Dynamic expert validation ensures that only true positives are reported.
Comprehensive DAST for development and security teams
Black Duck DAST solutions provide security teams with scalable, automated scanning and expert-validated results, ensuring critical vulnerabilities are identified and prioritized efficiently.
-
Run scans on-demandDevelopment, QA, and security teams can initiate fast, automated scans whenever needed with Polaris fAST Dynamic, eliminating scheduling bottlenecks.
-
Verify the security of APIsPolaris fAST Dynamic provides comprehensive application and API scanning, with support for OpenAPI Specs, Postman collections, .HAR files, and GraphQL (.sdl).
Eliminate false positivesContinuous Dynamic goes beyond automation with expert validation of scan results, eliminating false positives so security teams focus on real, exploitable threats, not noise.
Access expert guidanceThe Ask-a-Question feature gives teams access to on-demand expert security guidance, while available remediation support services help teams resolve issues quickly.
Precision, speed, and scalability where you need it most
Black Duck DAST solutions enable your development and security teams to take a "defense-in-depth" approach to security testing.
During development and QA
Accelerate vulnerability detection before deployment. Polaris fAST Dynamic delivers on-demand, high-speed DAST, allowing security teams to identify and remediate vulnerabilities early. With built-in API security testing, fAST Dynamic scans OpenAPI Specs, Postman collections, .HAR files, and GraphQL (.sdl) for full coverage.
After production deployment
Security leaders need actionable intelligence, not noise. Continuous Dynamic delivers high-confidence, expert-validated DAST results in live environments—eliminating false positives and providing a clear, unfiltered view of the true attack surface.
DAST optimized for complex modern applications
Designed for today’s complex applications and tomorrow’s attack landscape, our DAST tools and solutions leverage advanced scanning engines, decades of security intelligence, and expert validation to deliver precise, actionable insights—fast.
Purpose-built for modern applications
Polaris fAST Dynamic is designed from the ground up to handle the complexities of today’s applications, ensuring accurate and efficient scanning for web and API vulnerabilities.
Backed by 20+ years of security intelligence
Leverage decades of security data, advanced threat modeling, and expert human verification to ensure high-fidelity results with minimal false positives. Gain direct access to security professionals for deeper analysis and guidance.
Business logic assessments for advanced threat detection
Identify vulnerabilities that automated scanners miss with expert-led business logic assessments (BLAs). These assessments provide deep, contextual analysis of complex attack vectors unique to your applications.
The Black Duck advantage
Since 2016, Black Duck has been a Leader in the Gartner® Magic Quadrant™ for Application Security Testing. See why our customers rely on Black Duck to help them build trust in their software.
Customer testimonials
We love the fact that Continuous Dynamic is production-safe, [enables us to] do authenticated scanning, and above all, that ALL of the findings are verified. And we are 99% false positives–free.”
Financial Firm
Application-level protection provides us with an invaluable layer of security for our platform and customer data. Continuous Dynamic is extremely beneficial to us in reducing security vulnerabilities and risks.”
Financial Services Firm
Over 4,000 organizations worldwide trust Black Duck
51%
of the Fortune 100
6/10
of top financial services
10/10
of top technology companies
10/10
of top global 500 automotive companies
Get a custom quote
Explore more DAST resources
Report
Software Vulnerability Snapshot
Learn how DAST complements other AppSec testing methods