Dynamic Application Security Testing Tool

Overview


Cybersecurity & Data Privacy
Maryland, United States
Posted 1 day ago
Deadline: May 19th, 2026

SUMMARY


RFI for a DAST solution to support security testing of SSA-developed applications across multiple programming environments. The tool must integrate with common development platforms, support detailed vulnerability tracing, and help meet audit and assessment requirements.

DESCRIPTION


The agency is seeking information from vendors capable of providing a Dynamic Application Security Testing (DAST) solution to analyze Social Security Administration applications, strengthen security metrics, and address requirements arising from external audits and assessments.

The requested tool must scan applications during execution to identify exploits detectable through black-box testing. It must support SSA-developed applications built with technologies including Java, Node.js, JavaScript, Python, .NET, Ruby, Spring Boot, PHP, Visual Basic, and HTML, and be deployable and manageable in Windows and/or Linux environments.

The solution should integrate with Git, Jenkins Pipeline, ServiceNow, and Jira, and support on-premises Active Directory for user access control to project results. Additional capabilities include providing remediation or code-fix examples for findings, tracing exploits to the relevant source file or line of code, creating email alerts for team members, detecting and cataloging API endpoints by project, and testing both authenticated and unauthenticated portions of applications. The tool should also allow customization of scanning rules and processes, provide confidence scoring on findings, and process requests and responses with minimal impact on tool resources.

Source attribution

This Settle analysis is based on the issuing organization’s public RFP listing.
