DAST - Dynamic Application Security Testing

DAST is a security solution used to uncover vulnerabilities in software while it is running, including when it is deployed in production.

It is a black box testing methodology in which software is tested from the outside in and attacked just as it would be by a true threat actor. The tool simulates attacks against the application (typically web-enabled applications and services) and analyzes the application's responses to determine whether it is vulnerable. These scans require minimal user interaction once configured with host name, crawling parameters and authentication credentials. Unlike Static Application Security Testing (SAST) tools, DAST tools do not have access to source code. DAST tools are available as open source, free or commercial products and are specifically designed to find security vulnerabilities. Their use is sometimes required to comply with various regulatory requirements.
