Hybrid Analysis Testing is now available with Code Dx Enterprise

Introducing Hybrid Analysis!

Hybrid Analysis uses DAST tools to see which SAST vulnerabilities are actually exploitable by an attacker. That’s right—you can find out what is vulnerable and what is exploitable, without doing extensive manual reviews!

Code Dx’s powerful Hybrid Analysis capability takes the guesswork out of confirming vulnerabilities, dramatically reducing false positives, so you can fix the confirmed vulnerabilities first.

Hybrid Analysis is just one more way Code Dx saves you time and resources.

What’s the big deal about HYBRID?

In the latest release, Code Dx Enterprise V 3.0, we’ve added Hybrid Analysis. Hybrid Analysis combines the best aspects of the two most common types of application security testing, SAST and DAST, to provide a deeper, more effective look under your application’s hood. SAST tools scour your source code for potential vulnerabilities, from the inside out, while DAST tools search for exploits accessible by an attacker, from the outside in. The problem with these approaches is that they usually provide information that is not immediately actionable or that is difficult to prioritize. Hybrid Analysis combines the inside-out and outside-in approaches to shine a spotlight onto vulnerabilities that both exist and are exploitable, immediately confirming a potential weakness as a genuine threat. This gives you the right information to decide how best to secure your application.

Check out the Hybrid Application Security Testing White Paper

Hybrid Application Security Testing (HAST) resolves many of these problems by mapping the results of DAST and SAST tools together, providing a single, unified report that identifies vulnerabilities within the code that are confirmed to be exploitable from the outside.