Security Intermediate

What is DAST (Dynamic Application Security Testing)?

Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.

DAST tools probe running applications like an attacker would — sending crafted requests to find SQL injection, XSS, authentication flaws, and misconfigurations. Tools include OWASP ZAP (free), Burp Suite, Nikto, and commercial solutions like Acunetix. DAST is language-agnostic since it tests the running application through its interfaces. It finds real, exploitable vulnerabilities with low false positive rates. However, DAST cannot pinpoint the vulnerable code line, requires a running environment, and may miss vulnerabilities in untested code paths. Best practice combines SAST (inside-out) with DAST (outside-in) for comprehensive coverage.

Learn More About This Topic

Cybersecurity Fundamentals

Related reading

Linux Security Auditing

Related reading

Linux Security Hardening

Related reading

Related Terms

A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.

Security Headers

HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.

Cryptographic Key Management

The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.

SAST (Static Application Security Testing)

Automated analysis of source code to find security vulnerabilities without executing the application.

Webhook Signature Verification

A security mechanism that verifies webhook payloads are authentic and unmodified using cryptographic signatures.

XSS (Cross-Site Scripting)

An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.

View All Security Terms →