Dynamic Application Security Testing (DAST)

is a testing process to assess an application’s security weaknesses and vulnerabilities.

• Performs a black-box testing.
• Doesn’t access the source code of the application.
• Is a program targeting web applications.
• Can/should be integrated in SDLC (Secure DevOps or DevSecOps)
• Ex: SQL injection flaw, authentication errors, code injection, cross-site, etc.
• Pros: Application-agnostic, fast to find vulnerabilities
• Cons: The scan can take a while. Know-how in security is required.
• Products: Intruder, SOOS, Acunetix, WebInspect, and Invicti