๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is DAST (Dynamic Application Security Testing)?

Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.

DAST tools probe running applications like an attacker would โ€” sending crafted requests to find SQL injection, XSS, authentication flaws, and misconfigurations. Tools include OWASP ZAP (free), Burp Suite, Nikto, and commercial solutions like Acunetix. DAST is language-agnostic since it tests the running application through its interfaces. It finds real, exploitable vulnerabilities with low false positive rates. However, DAST cannot pinpoint the vulnerable code line, requires a running environment, and may miss vulnerabilities in untested code paths. Best practice combines SAST (inside-out) with DAST (outside-in) for comprehensive coverage.

Related Terms

CSRF (Cross-Site Request Forgery)
An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.
Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.
Webhook Signature Verification
A security mechanism that verifies webhook payloads are authentic and unmodified using cryptographic signatures.
WAF (Web Application Firewall)
A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.
Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
SAST (Static Application Security Testing)
Automated analysis of source code to find security vulnerabilities without executing the application.
View All Security Terms โ†’