Dynamic Application Security Testing (DAST) is a type of security testing that actively exercises and inspects a web application for security vulnerabilities. A DAST scanner sends an assortment of payloads to the target application, typically through HTTP requests for web applications, then analyzes the responses and behavior to detect vulnerabilities. DAST is language and framework agnostic, allowing for security scans against any web application with careful configuration.
DAST is a major component in satisfying compliance framework controls. For example, PCI DSS (6.4.2) and NIST 800-53 (RA-5) require automated vulnerability scanning against public web applications. Scanning web applications with DAST scanners can help detect vulnerabilities, guide remediation, and provide reports as proof of meeting certain compliance framework controls.
At Cribl, our applications undergo regular DAST scans from various build stages to production. Scanning throughout all stages ensures that our latest features are rigorously tested and any potential security issues have been vetted before production. Triggering a scan as part of a pull request (PR) or a build step during the software development life cycle (SDLC) appears to be the obvious path forward, but it is often too cumbersome: a thorough scan of a complex application can take multiple hours depending on the number of application states it must cover, and adding that much time to the build process is not acceptable. Instead of triggering scans from PRs or build steps, we run regular nightly scans asynchronously against our application’s self-hosted, staging, and production instances. When it’s time to promote builds, we poll the latest scan results to determine whether they satisfy our security requirements for release. That check can be as quick as a handful of API calls when seconds matter, or as thorough as a security engineer review when more scrutiny is required.
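The promotion-time check described above, as an added example that is not Cribl's or Rapid7's code: it assumes the latest scan results have already been polled from the scanner's API into plain dicts with the generic fields shown in `SAMPLE_SCANS` (a constructed sample; the real InsightAppSec response shape is not reproduced). The gate fails closed, so a missing or stale scan blocks a release just as an open high-severity finding does.

```python
"""Release-gate check over the latest DAST scan results (added example)."""
from datetime import datetime, timedelta, timezone

SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample: scans as a release script would see them after polling
# the scanner's API. Timestamps are ISO-8601 UTC; ids are made up.
SAMPLE_SCANS = [
    {"scan_id": "scan-1042", "target": "staging", "status": "complete",
     "completed_at": "2024-05-02T03:15:00Z",
     "findings": [
         {"id": "f-1", "severity": "high", "status": "open",
          "name": "Reflected XSS in search parameter"},
         {"id": "f-2", "severity": "medium", "status": "false_positive",
          "name": "Missing CSP header"},
     ]},
    {"scan_id": "scan-1043", "target": "production", "status": "complete",
     "completed_at": "2024-05-02T04:40:00Z",
     "findings": [
         {"id": "f-3", "severity": "low", "status": "open",
          "name": "Verbose server banner"},
     ]},
    {"scan_id": "scan-1040", "target": "staging", "status": "complete",
     "completed_at": "2024-04-28T03:10:00Z", "findings": []},
]

# Findings in these triage states have been reviewed and do not block a release.
NON_BLOCKING_STATES = {"false_positive", "risk_accepted", "fixed"}


def _parse_ts(value):
    """Parse an ISO-8601 UTC timestamp ending in 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def latest_scan(scans, target):
    """Return the most recently completed scan for `target`, or None."""
    done = [s for s in scans if s["target"] == target and s["status"] == "complete"]
    if not done:
        return None
    return max(done, key=lambda s: _parse_ts(s["completed_at"]))


def blocking_findings(scan, min_severity="high"):
    """Findings at or above `min_severity` that are still open."""
    floor = SEVERITY_RANK[min_severity]
    return [f for f in scan["findings"]
            if f["status"] not in NON_BLOCKING_STATES
            and SEVERITY_RANK.get(f["severity"], 0) >= floor]


def release_gate(scans, target, now, max_age=timedelta(hours=36), min_severity="high"):
    """Decide whether `target` may be promoted; returns (allowed, reasons)."""
    scan = latest_scan(scans, target)
    if scan is None:
        return False, [f"no completed scan for {target}"]
    reasons = []
    age = now - _parse_ts(scan["completed_at"])
    if age > max_age:
        reasons.append(f"latest scan {scan['scan_id']} is {age} old (limit {max_age})")
    for f in blocking_findings(scan, min_severity):
        reasons.append(f"{f['severity']} finding {f['id']} open: {f['name']}")
    return (not reasons), reasons


def gate_from_iso(scans, target, iso_now, **kwargs):
    """Convenience wrapper taking the current time as an ISO-8601 UTC string."""
    return release_gate(scans, target, _parse_ts(iso_now), **kwargs)


if __name__ == "__main__":
    now = datetime(2024, 5, 2, 9, 0, tzinfo=timezone.utc)  # constructed clock
    for env in ("staging", "production"):
        ok, why = release_gate(SAMPLE_SCANS, env, now)
        print(env, "ALLOW" if ok else "BLOCK", why)
```

With the sample data, staging is blocked by the open high finding while production, whose only open finding is low severity, is allowed; moving the clock three days forward blocks production too because the scan is older than the freshness window. The severity floor and freshness window are the two knobs a team would tune to its release policy.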
Although DAST scans occur post-build, results from the latest scans are useful early in the next iteration of the SDLC. DAST complements many other tools in our security program. Shifting left in our SDLC, we integrate Static Application Security Testing (SAST), secure pattern documentation, and security training/awareness for our developers. Findings from DAST scans provide essential feedback in updating our SAST ruleset, secure code pattern documentation, and training material. This creates a positive feedback loop that strengthens with each iteration of our SDLC.
Vendor and tool selection are the first major steps in building a DAST program. Every business has its own scan requirements, so mileage may vary. For our vendor selection, we wanted a team that would work with us to ensure good scan coverage and meaningful results. Onboarding a new vendor involves training our product security team, setting up the initial configuration of new scans, auditing those scans for their health, and partnering with the vendor to reduce false positive counts. In the past, we have worked with vendors that serve as the sole gatekeepers in determining the status of a vulnerability. High volumes of false positives are a reality of DAST scanning, given the complexity and variety of modern applications. Our goal was a DAST vendor that would work alongside our Product Security team to whittle down false positives and provide meaningful results.
At Cribl, we use Rapid7’s InsightAppSec. Operated by Rapid7’s Managed Application Security (MAS) team in close collaboration with our Product Security team, Rapid7 has put in meticulous work to ensure optimal and meaningful security coverage. Rapid7’s MAS is a team of application security experts that augments Cribl’s ProdSec team on DAST. For our small Product Security team, as is the case for many organizations, having a managed service for our DAST tooling has been a cost-effective way to force-multiply our security power. We meet with Rapid7 at a regular cadence to drive the health of our DAST program. Their team assists us with configuring complex scans for all our environments, scheduling and running regular scans, and triaging discovered vulnerabilities.
Scan coverage is the most crucial aspect of successful DAST scanning. Simply pointing a scanner at an application with a set of credentials will barely scratch the surface; that approach exercises only the low-hanging functionality. Modern web applications are large and complex and heavily dependent on conditional states, which requires robust scanning.
Our InsightAppSec instance has several configurations to optimize our scan coverage. For Cribl Cloud, we have worked with Rapid7 to record large traffic captures to exercise the bulk of our functionality with scan coverage. These traffic captures enumerate many of the dependent states for our application. The captures are fed into InsightAppSec, where every request is repeatedly replayed with all payloads. InsightAppSec will continue to spider and scan any straggling functionality to top off coverage. This configuration is repeated across many user accounts to ensure that all user privilege levels are scanned equally. Since our application heavily uses Role Based Access Control (RBAC), different functionality and interfaces exist depending on the roles of the active session. We have tailored scan configurations for each role to cover all functionality.
Additional web services such as APIs require a slightly different scan configuration. Instead of recording traffic in a browser, we capture traffic from Postman collections by running every request in a collection. The captured requests are fed into InsightAppSec, where the engine executes the scan. This approach covers our entire API surface, since the Postman collections and swagger files are used together to confirm endpoint coverage.
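One way to confirm that a Postman collection really exercises every endpoint the swagger file declares, as an added example that is not Cribl's or Rapid7's tooling: it compares the operations in a Swagger/OpenAPI document against the requests in a Postman Collection v2 export and lists the operations the collection never calls, which are exactly the ones a traffic capture built from that collection would leave unscanned. Both documents below are constructed samples, and the check treats `{userId}` in the spec and `:id` in Postman as the same path parameter.

```python
"""Endpoint-coverage check: OpenAPI operations vs. a Postman collection (added example)."""
import re

# Constructed sample OpenAPI document (only the fields the check needs).
OPENAPI_DOC = {
    "openapi": "3.0.0",
    "paths": {
        "/api/v1/users": {"get": {}, "post": {}},
        "/api/v1/users/{userId}": {"get": {}, "delete": {}},
        "/api/v1/roles": {"get": {}},
        "/api/v1/roles/{roleId}/members": {"get": {}, "put": {}},
    },
}

# Constructed Postman Collection v2 export. Folders nest requests under "item",
# path parameters are written as ":name", and a URL may be a dict or a string.
POSTMAN_COLLECTION = {
    "info": {"name": "users-api"},
    "item": [
        {"name": "List users", "request": {"method": "GET",
         "url": {"raw": "{{base}}/api/v1/users", "path": ["api", "v1", "users"]}}},
        {"name": "Create user", "request": {"method": "POST",
         "url": {"raw": "{{base}}/api/v1/users", "path": ["api", "v1", "users"]}}},
        {"name": "Users by id", "item": [
            {"name": "Get user", "request": {"method": "GET",
             "url": {"raw": "{{base}}/api/v1/users/:id",
                     "path": ["api", "v1", "users", ":id"]}}},
        ]},
        {"name": "List roles", "request": {"method": "GET",
         "url": {"raw": "{{base}}/api/v1/roles?limit=50", "path": ["api", "v1", "roles"],
                 "query": [{"key": "limit", "value": "50"}]}}},
        {"name": "Role members", "request": {"method": "GET",
         "url": "{{base}}/api/v1/roles/:roleId/members"}},
    ],
}

PARAM_RE = re.compile(r"\{[^/}]+\}|:[^/]+")  # matches {userId} or :id segments
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}


def normalize(path):
    """Collapse path parameters so templated paths from both tools compare equal."""
    path = "/" + path.strip("/")
    return PARAM_RE.sub("{}", path)


def _segments_from_string(url):
    """Drop a '{{variable}}' or 'scheme://host' prefix and any query string."""
    url = re.sub(r"^(\{\{[^}]*\}\}|[a-z]+://[^/]+)", "", url).split("?", 1)[0]
    return [s for s in url.split("/") if s]


def openapi_operations(doc):
    """Set of (METHOD, normalized path) defined by the spec (Swagger 2 or OpenAPI 3)."""
    ops = set()
    for path, item in doc.get("paths", {}).items():
        for method in item:
            if method.lower() in HTTP_METHODS:
                ops.add((method.upper(), normalize(path)))
    return ops


def postman_operations(collection):
    """Set of (METHOD, normalized path) the collection requests, recursing into folders."""
    ops = set()

    def walk(items):
        for entry in items:
            if "item" in entry:            # folder: recurse
                walk(entry["item"])
                continue
            req = entry.get("request")
            if not req:
                continue
            url = req["url"]
            segments = url.get("path", []) if isinstance(url, dict) else _segments_from_string(url)
            ops.add((req["method"].upper(), normalize("/".join(segments))))

    walk(collection.get("item", []))
    return ops


def coverage_report(doc, collection):
    """Return (covered, uncovered, ratio) for the spec's operations."""
    spec_ops = openapi_operations(doc)
    called = postman_operations(collection)
    covered, uncovered = spec_ops & called, spec_ops - called
    ratio = len(covered) / len(spec_ops) if spec_ops else 1.0
    return covered, uncovered, ratio


if __name__ == "__main__":
    covered, uncovered, ratio = coverage_report(OPENAPI_DOC, POSTMAN_COLLECTION)
    print(f"coverage {ratio:.0%}; uncovered:")
    for method, path in sorted(uncovered):
        print(f"  {method} {path}")
```

On the sample input two of seven operations (`DELETE /api/v1/users/{userId}` and `PUT /api/v1/roles/{roleId}/members`) are never called, so a scan fed only this collection would never send payloads to them; running the check in CI whenever the spec or the collection changes keeps the scan configuration from silently drifting away from the API.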
Multiple scan configurations are essential for maximizing DAST coverage against complex web applications. As applications change over time, so will the need for scan configurations. This takes continuous work and is a proactive process. High-quality, healthy scans are far more than just point-and-shoot with a DAST scanner. Scanners such as InsightAppSec allow many scan configurations across all target applications from a single interface. As a cloud service, InsightAppSec offers a convenient location for all stages of a DAST scan, from configuration to scheduling regular or ad-hoc scans, triaging vulnerabilities, and pushing findings to our ticketing system. Our DAST program has been streamlined to ensure high-quality security coverage for our applications.
At Cribl we extensively use our own products in creative ways to improve our other tooling. Cribl Search, our federated search-in-place tool for analyzing data, is extremely useful in conjunction with DAST to discover and validate tricky, blind vulnerabilities. DAST scanners often rely on feedback from a target application to discover findings. This feedback can come from response status codes and data variations, timing differences, or other side channels such as out-of-band requests. Some indicators appear only in application logs or system logs, which a DAST scanner typically would not have access to without an agent or other instrumentation.
Cribl can be used to collect these application and system logs, which can be stored in Cribl Lake. Cribl Search can then be used to identify stack traces, SQL errors, and other undesirable application behavior. Since many DAST scanners include unique headers or tokens in their requests, the search can be refined further to narrow the data to events generated by a scan. Cribl Search queries and their resulting notifications can be scheduled at a recurring cadence. As a result, Cribl can be a powerful tool for maximizing the value of DAST tooling.
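The refinement step described above, modelled in plain Python as an added example rather than a Cribl Search query: keep only log events that carry the scanner's marker (assumed here to be a request header named `x-dast-run`; the real header or token depends on the scanner), match the messages against stack-trace and SQL-error signatures, and summarise hits per endpoint so an engineer can pair each one with the scanner's own finding list. The log lines are constructed JSON events, and one of them is an organic error without the marker to show it is filtered out.

```python
"""Triage of scan-induced application errors from JSON log lines (added example)."""
import json
import re
from collections import defaultdict

SCANNER_HEADER = "x-dast-run"   # assumed marker header set by the scanner

# Constructed sample: one JSON event per line, as an app log shipper would emit.
SAMPLE_LOG = r"""
{"ts":"2024-05-02T03:12:07Z","level":"error","req_id":"r1","method":"GET","path":"/api/v1/users","headers":{"x-dast-run":"run-77"},"msg":"psycopg2.errors.SyntaxError: unterminated quoted string at or near \"'\""}
{"ts":"2024-05-02T03:12:08Z","level":"error","req_id":"r2","method":"POST","path":"/api/v1/users","headers":{"x-dast-run":"run-77"},"msg":"Traceback (most recent call last):\n  File \"app/users.py\", line 88, in create\nKeyError: 'email'"}
{"ts":"2024-05-02T03:12:09Z","level":"info","req_id":"r3","method":"GET","path":"/api/v1/roles","headers":{"x-dast-run":"run-77"},"msg":"200 OK"}
{"ts":"2024-05-02T03:12:10Z","level":"error","req_id":"r4","method":"GET","path":"/api/v1/users","headers":{"user-agent":"Mozilla/5.0"},"msg":"psycopg2.errors.SyntaxError: syntax error at or near \"OR\""}
{"ts":"2024-05-02T03:12:11Z","level":"error","req_id":"r5","method":"GET","path":"/api/v1/users","headers":{"x-dast-run":"run-77"},"msg":"psycopg2.errors.SyntaxError: syntax error at or near \"--\""}
"""

# Indicator signatures as (label, regex); extend per database and runtime stack.
INDICATORS = [
    ("sql_error", re.compile(
        r"syntax error at or near|unterminated quoted string"
        r"|You have an error in your SQL syntax|ORA-\d{5}|SQLSTATE\[", re.I)),
    ("stack_trace", re.compile(
        r"Traceback \(most recent call last\)|^\s+at [\w$.]+\(.*\)|Exception in thread", re.M)),
]


def parse_events(text):
    """Parse newline-delimited JSON, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def from_scan(event, run_id=None):
    """True if the event was caused by a scanner request (optionally one specific run)."""
    headers = {k.lower(): v for k, v in event.get("headers", {}).items()}
    marker = headers.get(SCANNER_HEADER)
    return marker is not None and (run_id is None or marker == run_id)


def classify(msg):
    """Labels of every indicator signature that matches the message."""
    return [label for label, rx in INDICATORS if rx.search(msg)]


def triage(text, run_id=None):
    """Summarise scan-induced indicators as {(method, path): {label: [req_id, ...]}}.

    Events without the scanner marker are dropped so organic errors do not
    pollute the review; events with no matching indicator produce no entry.
    """
    summary = defaultdict(lambda: defaultdict(list))
    for ev in parse_events(text):
        if not from_scan(ev, run_id):
            continue
        for label in classify(ev.get("msg", "")):
            summary[(ev["method"], ev["path"])][label].append(ev["req_id"])
    return {k: dict(v) for k, v in summary.items()}


if __name__ == "__main__":
    for (method, path), hits in sorted(triage(SAMPLE_LOG).items()):
        for label, req_ids in hits.items():
            print(f"{method} {path}: {label} x{len(req_ids)} ({', '.join(req_ids)})")
```

The two SQL errors on `GET /api/v1/users` are the kind of evidence that turns an inconclusive blind-injection probe into a confirmed finding, while the stack trace on `POST /api/v1/users` points at input handling the scanner may not have flagged at all; the organic error `r4` is excluded because it carries no scanner marker.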
DAST scanning is an important tool in a Product Security team’s toolkit. A DAST program’s value can be realized through partnerships with developers, quality assurance, DevOps, and managed service providers. Significant testing coverage can be attained by leveraging the exhaustive effort engineering teams already put into functional application testing. Using DAST in combination with tools such as Cribl Lake and Cribl Search can enhance the ability to detect vulnerabilities hidden deep within log files. In the latest OWASP Top 10 (2021), Security Logging and Monitoring Failures is number nine on the list. DAST can exercise and test controls such as this, but monitoring practices must be implemented in conjunction with scanning. Observability is essential when performing security testing, and Cribl’s tooling can help satisfy these controls and enhance detection capabilities through careful search queries.