Security & Compliance Glossary

DAST (Dynamic Application Security Testing)

DAST, or Dynamic Application Security Testing, tests a running application from the outside by sending crafted inputs and observing responses, without access to source code. It is a black-box technique that finds vulnerabilities visible at runtime, such as authentication and injection flaws. DAST mimics how an external attacker probes a live system.

In practice

DAST validates the application as deployed, configuration and all, so its findings tend to be real and exploitable rather than theoretical. It does not depend on the language the app is written in.

The trade-off is that DAST runs later in the lifecycle and cannot point to the offending line of code the way SAST can. The two are complementary, which is why mature pipelines run both.
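The black-box loop described above, as an added example (not code from this page or from traztech): a probe sends an inert marker to a running app and judges only the HTTP response. The `DemoApp` target, its `/raw` and `/safe` paths, and the marker string are constructed for illustration.

```python
import html
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, quote, urlparse

MARKER = "<dast-probe-7f3a>"  # constructed, inert marker; only tests output encoding

class DemoApp(BaseHTTPRequestHandler):
    """Constructed target: /raw echoes the query unescaped, /safe escapes it."""
    def do_GET(self):
        url = urlparse(self.path)
        q = parse_qs(url.query).get("q", [""])[0]
        body = q if url.path == "/raw" else html.escape(q)
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        if url.path == "/safe":  # deployment config is part of what gets tested
            self.send_header("Content-Security-Policy", "default-src 'self'")
        self.end_headers()
        self.wfile.write(f"<p>Results for {body}</p>".encode())

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(base, path):
    """Black-box check: send the marker, inspect only the HTTP response."""
    with urllib.request.urlopen(f"{base}{path}?q={quote(MARKER)}", timeout=5) as resp:
        text = resp.read().decode()
        headers = resp.headers
    findings = []
    if MARKER in text:
        findings.append("input reflected without HTML encoding")
    if "Content-Security-Policy" not in headers:
        findings.append("missing Content-Security-Policy header")
    return findings

def scan():
    server = HTTPServer(("127.0.0.1", 0), DemoApp)  # port 0: any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {path: probe(base, path) for path in ("/raw", "/safe")}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for path, findings in scan().items():
        print(path, findings or "no findings")
```

Each finding names a URL and a property of the response, not a source line, which is the gap relative to SAST noted above.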

How traztech helps

traztech delivers secure CI/CD pipeline setup for startups and growth-stage companies, led by a published CVE researcher.
