DongTai - An Interactive Application Security Testing (IAST) Product That Supports The Detection Of OWASP Web Top 10 Vulnerabilities, Multi-Request Related Vulnerabilities (Including Logic Vulnerabilities, Unauthorized Access Vulnerabilities, Etc.), Third-Party Component Vulnerabilities, Etc.
About DongTai IAST
DongTai IAST is an open-source passive interactive application security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to provide general vulnerability detection, multi-request associated vulnerability detection (including but not limited to unauthorized access and "overpower" (privilege escalation) vulnerabilities), third-party component vulnerability detection, etc. Currently, applications in Java and Python are supported for vulnerability detection.
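The taint-tracking idea described above, as an added example that is not DongTai's own code: hooked method calls are replayed in order, and a finding is raised when data from a source reaches a sink. The record layout (`signature`, `role`, `in_ids`, `out_ids`) and the two sample traces are assumptions constructed for this illustration, not DongTai's report format.

```python
# Added illustration: passive taint tracking over hooked method-call records.
# The record layout below is an assumption for this example, not DongTai's
# actual agent report format.
from dataclasses import dataclass


@dataclass(frozen=True)
class Call:
    signature: str   # hooked method
    role: str        # "source", "propagator" or "sink", as set by the hook strategy
    in_ids: tuple    # identity hashes of receiver/argument objects
    out_ids: tuple   # identity hashes of returned or mutated objects


def find_taint_flows(calls):
    """Return one call chain (list of signatures) per sink reached by tainted data."""
    origin = {}      # tainted object id -> chain of signatures that produced it
    findings = []
    for call in calls:
        tainted_in = [i for i in call.in_ids if i in origin]
        if call.role == "source":
            for obj in call.out_ids:
                origin[obj] = [call.signature]
        elif call.role == "propagator" and tainted_in:
            chain = origin[tainted_in[0]] + [call.signature]
            for obj in call.out_ids:
                origin[obj] = chain
        elif call.role == "sink" and tainted_in:
            findings.append(origin[tainted_in[0]] + [call.signature])
    return findings


# Constructed sample: a request parameter is concatenated into a SQL query.
VULNERABLE_REQUEST = [
    Call("javax.servlet.ServletRequest.getParameter", "source", (), (101,)),
    Call("java.lang.StringBuilder.append", "propagator", (200, 101), (200,)),
    Call("java.lang.StringBuilder.toString", "propagator", (200,), (201,)),
    Call("java.sql.Statement.executeQuery", "sink", (201,), ()),
]
# Constructed sample: the parameter is read but the query is built from constants.
SAFE_REQUEST = [
    Call("javax.servlet.ServletRequest.getParameter", "source", (), (101,)),
    Call("java.lang.StringBuilder.toString", "propagator", (300,), (301,)),
    Call("java.sql.Statement.executeQuery", "sink", (301,), ()),
]

if __name__ == "__main__":
    for name, trace in (("vulnerable", VULNERABLE_REQUEST), ("safe", SAFE_REQUEST)):
        print(name, find_taint_flows(trace))
```

Because the analysis only observes calls the application actually made, the second trace produces no finding even though it contains both a source and a sink.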
Architecture
DongTai IAST consists of multiple basic services: DongTai-web, DongTai-webapi, DongTai-openapi, DongTai-engine, agent, DongTai-deploy, DongTai-Base-Image and DongTai-Plugin-IDEA:
- DongTai-web is the product page of DongTai, which handles the interaction between users and DongTai.
- DongTai-webapi is responsible for handling user-related operations.
- DongTai-openapi processes the registration, heartbeat, method call, third-party component and error log data reported by the agent, and issues hook strategies, probe control commands, etc.
- DongTai-engine analyzes whether HTTP/HTTPS/RPC requests contain vulnerabilities, based on the method call data and the taint tracking algorithm, and is also responsible for other related scheduled tasks.
- agent is DongTai's probe module. It includes data collectors for different programming languages, which collect data during application runtime and report it to the DongTai-openapi service.
- DongTai-deploy is used to deploy DongTai IAST, including docker-compose single-node deployment, Kubernetes cluster deployment, etc. If you want another deployment plan, you can add features or contribute to the deployment plan.
- DongTai-Base-Image contains the basic services that DongTai depends on at runtime, including MySQL and Redis.
- DongTai-P…