Dynamic Application Security Testing (DAST)
is a testing process to assess an application’s security weaknesses and vulnerabilities.
- Performs a black-box testing.
- Doesn’t access the source code of the application.
- Is a program targeting web applications.
- Can/should be integrated in SDLC (Secure DevOps or DevSecOps)
- Ex: SQL injection flaw, authentication errors, code injection, cross-site, etc.
- Pros: Application-agnostic, fast to find vulnerabilities
- Cons: The scan can take a while. Know-how in security is required.
- Products: Intruder, SOOS, Acunetix, WebInspect, and Invicti