Dynamic Application Security Testing (DAST)

Dynamic Application Security Testing (DAST) is a testing process to assess an application’s security weaknesses and vulnerabilities.

  • Performs black-box testing.
  • Doesn’t access the source code of the application.
  • Is a program targeting web applications.
  • Can/should be integrated into the SDLC (Secure DevOps or DevSecOps).
  • Examples of findings: SQL injection flaws, authentication errors, code injection, cross-site, etc.
  • Pros: Application-agnostic, fast to find vulnerabilities
  • Cons: The scan can take a while. Know-how in security is required.
  • Products: Intruder, SOOS, Acunetix, WebInspect, and Invicti
