Introducing Dastardly - a free, lightweight web application security scanner for your CI/CD pipeline, from the makers of Burp Suite.
Ensuring your code is written securely can be a bit of a headache. Most of us know about the risks of SQL injection by now, but what about vulnerabilities like cross-site scripting (XSS) or CORS misconfigurations?
There are hundreds of static (SAST) code analysis tools around, but many are prone to noise - distracting you with a seemingly endless stream of false positives. At best, these tools often end up being ignored.
Dastardly's scanner produces very little noise, thanks to its dynamic (DAST) methodology. It looks at your application from the outside in - just like a real attacker. So if it sees a vulnerability, you can be pretty sure it's real. And to do this, it uses a stripped-down version of the scanner used by Burp Suite - the world's leading toolkit for web security testing.
In the past, dynamic analysis has been difficult to fit into CI/CD because it is slower than static analysis. But Dastardly scans complete in ten minutes or less - giving you fast feedback on seven security issues you should be aware of. This lets you fix actual security issues there and then, without any painful context-switching or false positives.
That's really all there is to it - Dastardly is fast, accurate, and completely free of charge.
And we've made it easy to get it running in your CI/CD pipeline. Check out the Dastardly documentation for more details.