Optiv Cybersecurity Dictionary

What is DAST (Dynamic Application Security Testing)?

Dynamic application security testing (DAST) is a security solution used to uncover vulnerabilities in software while it is running, including when it is deployed in production.

DAST is a black box testing methodology in which software is tested from the outside in and attacked just as it would be by a true threat actor. It simulates attacks against the application (typically web-enabled applications and services) and analyzes the application's responses to determine whether it is vulnerable. Once a scan is configured with a host name, crawling parameters and authentication credentials, it requires minimal user interaction.

Unlike static application security testing (SAST) tools, DAST tools don't have access to source code. DAST tools are available as open source, free or commercial products, are specifically designed to find security vulnerabilities, and are sometimes required to comply with various regulatory requirements.

