DAST-EDI
Automated penetration testing of exposed EDI endpoints.
Definition
For EDI, DAST tests HTTP/S endpoints (AS2, AS4, REST API) with OWASP Top 10 payloads — IDOR, SSRF, XXE, XML signature wrapping, XPath injection. OWASP ZAP (open-source) is the most used tool. Burp Suite Professional (commercial) remains the reference for manual pentests.
Origin
Category identified by Gartner around 2010, descendant of Nessus-like web vulnerability scanners.
Example in context
A nightly OWASP ZAP automated scan against the EDI staging partner portal before promotion to prod.
Related terms
- SAST — complementary static analysis.