ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

DAST-EDI

Automated penetration testing of exposed EDI endpoints.

Definition

For EDI, DAST tests HTTP/S endpoints (AS2, AS4, REST API) with OWASP Top 10 payloads — IDOR, SSRF, XXE, XML signature wrapping, XPath injection. OWASP ZAP (open-source) is the most used tool. Burp Suite Professional (commercial) remains the reference for manual pentests.

Origin

Category identified by Gartner around 2010, descendant of Nessus-like web vulnerability scanners.

Example in context

A nightly OWASP ZAP automated scan against the EDI staging partner portal before promotion to prod.

  • SAST — complementary static analysis.

Last updated: May 14, 2026