๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is DAST (Dynamic Application Security Testing)?

Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.

DAST tools probe a running application the way an attacker would: they send crafted requests and inspect the responses to find SQL injection, XSS, authentication flaws, and misconfigurations. Tools include OWASP ZAP (free), Burp Suite, Nikto, and commercial solutions such as Acunetix. DAST is language-agnostic, since it tests the running application through its interfaces rather than reading its source. It finds real, exploitable vulnerabilities with a low false-positive rate. However, DAST cannot pinpoint the vulnerable line of code, requires a running environment, and may miss vulnerabilities in code paths the scan never exercises. Best practice combines SAST (inside-out) with DAST (outside-in) for comprehensive coverage.
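To make the "outside-in" idea concrete, here is an added example (not code from the original page, nor from ZAP, Burp or any other tool named above) of a minimal DAST-style probe written in Python. It starts a constructed toy web app on localhost, with one endpoint that reflects input unencoded, one that encodes it, and one that leaks a database-style error, and then runs two black-box checks against it using only requests and responses. The marker string, the error-signature list and the endpoint names are illustrative assumptions; real scanners carry far larger payload and signature sets. Note what the findings contain and what they cannot: a path and parameter, but no file or line number, which is exactly the limitation the paragraph describes.

```python
"""Minimal DAST-style probe: black-box checks against a running HTTP app."""
import html
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


# Constructed toy application (not a real product). One endpoint reflects user
# input unencoded, one applies output encoding, one leaks a database-style error.
class DemoApp(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urllib.parse.urlsplit(self.path)
        params = urllib.parse.parse_qs(url.query)
        q = params.get("q", [""])[0]
        item_id = params.get("id", [""])[0]
        if url.path == "/search":      # vulnerable: raw reflection into HTML
            body = f"<p>Results for {q}</p>"
        elif url.path == "/safe":      # fixed: output encoding applied
            body = f"<p>Results for {html.escape(q)}</p>"
        elif url.path == "/item":      # leaks an error message on a stray quote
            if "'" in item_id:
                body = "You have an error in your SQL syntax near '"
            else:
                body = f"<p>Item {html.escape(item_id)}</p>"
        else:
            self.send_response(404)
            self.end_headers()
            return
        data = body.encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):      # keep the demo output quiet
        pass


def start_demo_server():
    """Start the toy app on an ephemeral localhost port; return (base_url, server)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_address[1]}", server


# Illustrative probe values (assumptions, not a real scanner's payload set).
# A DAST tool only sees requests and responses, so every check is phrased as
# "send X, look for Y in the reply".
REFLECT_MARKER = "<dast-marker-7f3a>"
SQL_ERROR_SIGNATURES = ("error in your SQL syntax", "ORA-", "SQLSTATE")


def fetch(base_url, path, param, value):
    query = urllib.parse.urlencode({param: value})
    with urllib.request.urlopen(f"{base_url}{path}?{query}", timeout=5) as resp:
        return resp.read().decode("utf-8", "replace")


def check_reflection(base_url, path, param):
    """True if an HTML-significant marker comes back unencoded (no output encoding)."""
    body = fetch(base_url, path, param, REFLECT_MARKER)
    return REFLECT_MARKER in body    # encoded output would contain &lt;dast-marker...


def check_error_leak(base_url, path, param):
    """True if a lone quote makes the app disclose a database error message."""
    body = fetch(base_url, path, param, "'")
    return any(sig in body for sig in SQL_ERROR_SIGNATURES)


def run_dast_scan(base_url, targets):
    """targets: list of (path, param). Returns findings as (check, path, param).
    Nothing here is a file or line number: the scanner never saw the source."""
    findings = []
    for path, param in targets:
        if check_reflection(base_url, path, param):
            findings.append(("unencoded-reflection", path, param))
        if check_error_leak(base_url, path, param):
            findings.append(("db-error-disclosure", path, param))
    return findings


if __name__ == "__main__":
    base, srv = start_demo_server()
    for finding in run_dast_scan(base, [("/search", "q"), ("/safe", "q"), ("/item", "id")]):
        print(finding)
    srv.shutdown()
```

Running it reports the unencoded reflection on `/search` and the error disclosure on `/item`, and nothing for `/safe`. The scan also illustrates the coverage caveat: an endpoint or parameter that is not in `targets` is never exercised, so a vulnerability there stays invisible to DAST no matter how good the checks are.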

Related Terms

Brute Force Attack
An attack method that systematically tries all possible combinations of passwords or keys until the correct one is found.
Hashing
A one-way function that converts input data into a fixed-size string of characters, used for data integrity and password storage.
RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.
Security Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.
WAF (Web Application Firewall)
A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.