Overview

DAST (Dynamic Application Security Testing, often called 'black-box testing') simulates an attack on a running, deployed application. It has no access to the source code; instead it sends requests to the application's web interface or API and inspects the responses to find flaws.

What DAST Detects

  • Vulnerabilities in the running environment and configuration.
  • Authentication and session management issues.
  • Flaws that only appear during execution (e.g., certain types of XSS).
  • Server-side misconfigurations.
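As an added illustration of the black-box approach described above (this is example code written for this page, not from any particular DAST product), the scanner below never reads the target's source: it sends requests and inspects only status, headers and body. It covers three of the detection classes listed above: a reflected XSS that only shows up at runtime, a session cookie set without HttpOnly/Secure, and missing hardening headers. The two WSGI applications and the `wsgi_transport` helper are constructed stand-ins for a real target and a real HTTP client; a real scanner would send the same requests over the network.

```python
"""Minimal DAST-style probe: treats the target as a black box, sends requests,
and inspects only the responses. The two WSGI apps are constructed stand-ins
for a real deployed target; the scanner never looks at their code."""
import html
import io
from urllib.parse import parse_qs, urlencode

# Unique marker: it only comes back verbatim if the app reflects input unencoded.
CANARY = "<dast-canary-7f3a>"
# Hardening headers whose absence is reported as a server-side misconfiguration.
REQUIRED_HEADERS = ("Content-Security-Policy", "X-Content-Type-Options")


def vulnerable_app(environ, start_response):
    """Constructed target: reflects 'q' unencoded, weak session cookie, no hardening headers."""
    q = parse_qs(environ.get("QUERY_STRING", "")).get("q", [""])[0]
    body = f"<p>Results for {q}</p>".encode()
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Set-Cookie", "session=abc123; Path=/")])
    return [body]


def hardened_app(environ, start_response):
    """Same endpoint with output encoding, cookie flags and hardening headers."""
    q = parse_qs(environ.get("QUERY_STRING", "")).get("q", [""])[0]
    body = f"<p>Results for {html.escape(q)}</p>".encode()
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
                              ("Content-Security-Policy", "default-src 'self'"),
                              ("X-Content-Type-Options", "nosniff")])
    return [body]


def wsgi_transport(app):
    """Return send(path, params) -> (status, headers, body) that drives the app in-process.
    Hypothetical helper standing in for an HTTP client; the scanner only sees the response."""
    def send(path, params):
        captured = {}

        def start_response(status, headers, exc_info=None):
            captured["status"] = status
            captured["headers"] = headers

        environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
                   "QUERY_STRING": urlencode(params), "wsgi.input": io.BytesIO()}
        body = b"".join(app(environ, start_response))
        return captured["status"], captured["headers"], body.decode()
    return send


def scan(send, path, params):
    """Run three black-box checks against one endpoint and return finding names."""
    findings = []
    status, headers, body = send(path, params)
    present = {k.lower() for k, _ in headers}

    # 1. Server-side misconfiguration: hardening headers absent from the response.
    for h in REQUIRED_HEADERS:
        if h.lower() not in present:
            findings.append(f"missing-header:{h}")

    # 2. Session management: Set-Cookie without HttpOnly or Secure attributes.
    for k, v in headers:
        if k.lower() == "set-cookie":
            attrs = {a.strip().split("=")[0].lower() for a in v.split(";")[1:]}
            for flag in ("httponly", "secure"):
                if flag not in attrs:
                    findings.append(f"cookie-missing-{flag}")

    # 3. Runtime flaw: reflected XSS, probing one parameter at a time.
    for name in params:
        probe = dict(params, **{name: CANARY})
        _, _, reflected = send(path, probe)
        if CANARY in reflected:
            findings.append(f"reflected-xss:{name}")
    return findings


if __name__ == "__main__":
    for label, app in (("vulnerable", vulnerable_app), ("hardened", hardened_app)):
        print(label, scan(wsgi_transport(app), "/search", {"q": "test"}))
```

The canary technique is why DAST can report runtime flaws with few false positives: the marker is only reported if it actually comes back unencoded in a real response. The flip side, visible here too, is that the scanner can say the `q` parameter reflects unencoded but cannot say which line of the application does it.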

Pros and Cons

  • Pros: Finds runtime and configuration issues; requires no access to source code; relatively low false-positive rate, because each finding is confirmed against the running application.
  • Cons: Issues are found late in the SDLC, once a deployable build exists; cannot point to the exact line of code responsible; limited coverage of the application's internal logic and of code paths the scanner never reaches.

Related Terms