๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is DAST (Dynamic Application Security Testing)?

Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.

DAST tools probe running applications like an attacker would โ€” sending crafted requests to find SQL injection, XSS, authentication flaws, and misconfigurations. Tools include OWASP ZAP (free), Burp Suite, Nikto, and commercial solutions like Acunetix. DAST is language-agnostic since it tests the running application through its interfaces. It finds real, exploitable vulnerabilities with low false positive rates. However, DAST cannot pinpoint the vulnerable code line, requires a running environment, and may miss vulnerabilities in untested code paths. Best practice combines SAST (inside-out) with DAST (outside-in) for comprehensive coverage.

Related Terms

XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
API Security
Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.
WAF (Web Application Firewall)
A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.
View All Security Terms โ†’