What makes BLAs so powerful

Black Duck provides BLAs that are carried out by qualified security engineers on web applications that use the Hypertext Transfer Protocol (HTTP) at the application layer over a Transmission Control Protocol (TCP) transport layer. Our comprehensive coverage extends to the base application URL and any authorized connected host name URLs.

Our team of security engineers is composed of hand-picked experts who are rigorously trained in manual testing. Each engineer undergoes a meticulous evaluation period spanning several weeks, and most have extensive experience and have completed hundreds of manual assessments.

When conducting BLAs, these security engineers analyze the business model of the application to understand its intended design and purpose. They record dynamic application functionality and workflows in a site map, review and define user roles and permissions, and identify the underlying technologies the application is built on.

Safety is paramount in our approach. We strictly avoid any testing that could lead to a denial of service or otherwise harm the application. Every BLA follows a strictly enforced methodology to ensure consistent and reliable results. Our engineers perform thorough vulnerability testing, paying special attention to issues that automated scanners might miss, such as those listed in the OWASP Top 10, WASC 2.0, and CWE Top 25. Our testing procedures are continuously updated with the latest information from OWASP, other standards, and our own independent investigations.

Upon completion of the BLA, findings are made available to the client, complete with a customized description and instructions on how to reproduce each issue. The results are presented alongside an icon indicating the need for a manual retest in the Continuous Dynamic™ platform. Our vulnerability assessment system seamlessly integrates DAST results and BLA findings, ensuring a cohesive and efficient testing process without requiring any changes on the client's side.

With Black Duck BLAs, organizations can rest assured that their web applications receive the highest level of scrutiny, expert analysis, and protection against potential vulnerabilities. Our dedication to security excellence empowers businesses to strengthen their application security posture and safeguard their valuable assets in an ever-evolving threat landscape.