Smarter DAST scans with Intelligent Finding Analytics (IFA)
Intelligent Finding Analytics (IFA) uses artificial intelligence (AI) and machine learning (ML) to analyze data, discover patterns, and make predictions, ultimately transforming data into actionable insights. IFA goes beyond regular data analysis by using advanced methods to find deeper meanings and make smart decisions.
IFA for Dynamic Application Security Testing (DAST) augments scan accuracy and coverage by minimizing false positives, finding vulnerabilities in Large Language Model (LLM)-integrated applications, and optimizing test selection. It uses AI, machine learning, or statistical analysis to improve test coverage and accuracy. Currently, IFA focuses on the following applications, with plans to expand its features in the future:
- DAST for LLM-augmented applications: Safeguard your business from LLM risks with AppScan DAST, specifically engineered to identify critical vulnerabilities like sensitive information disclosure, prompt injection, and more.
- AI for smarter error detection augments AppScan heuristics to improve error page detection. This advanced AI tool enhances the accuracy of identifying and analyzing error pages within applications, ensuring more precise security assessments.
- Guess BFLA detects Broken Function Level Authorization (BFLA) vulnerabilities: situations where users can execute actions they are not authorized to perform. During an authenticated scan, AppScan reuses the active session and searches for hidden or weakly protected functions by trying alternative HTTP methods in invasive mode (for example, DELETE) and by guessing common administrative or action-oriented endpoints and parameters, with partial AI assistance. If a low-privilege user can successfully trigger a restricted action, AppScan reports a BFLA issue and includes supporting evidence.
- Test optimization uses AppScan’s intelligent test filtering to select the most relevant tests while reducing false positives. A full regular scan, which involves thousands of tests, can be overly time-consuming. To save time during early development or for a quick security check, you can use test optimization, which offers three speed levels: Fast, Faster, and Fastest. This method uses intelligent algorithms and statistical analysis to bypass less critical tests, focusing only on the most common and severe vulnerabilities. This significantly reduces the scan time. For a more detailed examination, you can run a full scan later in the development process or at specific intervals.
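The following added example (not AppScan code) models the BFLA pattern the Guess BFLA check reports: a dispatcher that authorizes by URL path only, so an alternative HTTP method such as DELETE reaches a restricted function, beside a hardened dispatcher that enforces a role per (method, endpoint) function. Routes, roles, and the `Session` object are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    user: str
    role: str  # "user" or "admin" (hypothetical role model)


# Hypothetical application functions: (method, path) -> role required to call them.
FUNCTION_ROLES = {
    ("GET", "/api/users/1"): "user",
    ("DELETE", "/api/users/1"): "admin",      # hidden admin action on a user-visible path
    ("POST", "/api/admin/export"): "admin",
}
ROLE_RANK = {"user": 1, "admin": 2}


def vulnerable_dispatch(session: Optional[Session], method: str, path: str) -> int:
    """Authorizes by path prefix only. DELETE on a user path is never checked,
    which is exactly the alternative-method BFLA a scan would surface."""
    if (method, path) not in FUNCTION_ROLES:
        return 404
    if session is None:
        return 401
    if path.startswith("/api/admin/") and session.role != "admin":
        return 403
    return 200  # restricted DELETE executes for a low-privilege user


def hardened_dispatch(session: Optional[Session], method: str, path: str) -> int:
    """Deny-by-default function-level authorization keyed on (method, path)."""
    required = FUNCTION_ROLES.get((method, path))
    if required is None:
        return 404  # unknown method/endpoint combinations are not silently allowed
    if session is None:
        return 401
    if ROLE_RANK[session.role] < ROLE_RANK[required]:
        return 403
    return 200


def bfla_findings(dispatch) -> list:
    """Regression check: replay every privileged function with a low-privilege
    session and list those that succeed (the evidence a BFLA report carries)."""
    low = Session("alice", "user")  # constructed test session
    return [f"{m} {p}" for (m, p), role in FUNCTION_ROLES.items()
            if role != "user" and dispatch(low, m, p) == 200]
```

Running `bfla_findings` over both dispatchers is a cheap unit test to keep in CI so the path-only authorization pattern does not regress after a scan has been cleaned up.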
Note: For insights on the token usage of different GPT models, see AppScan DAST IFA: Estimated token usage and model pricing for AI features.