I've got something cool to share that might save you some headaches when it comes to scanning those pesky internal apps. Ever struggled with SaaS security tools only seeing public URLs, leaving your admin panels and staging areas unchecked? Well… here we go.

I built a custom DAST (Dynamic Application Security Testing) tool that runs from within the safety of good ol' Docker containers. It scans for OWASP Top Ten-style vulnerabilities, but the best part? You can use it on your internal URLs without having to expose them! So instead of exposin' or DIY-runnin', you get a cloudy dashbaaaaard (with reports and scheduling) + self-run scans for the secure stuff behind closed doors.

What do ya think? Anybody else tried something like this before, care to share experiences?!
Source:
https://dev.to/scryn/i-built-a-dast-scanner-you-can-run-from-docker-heres-how-it-works-139j