Dynamic Application Security Testing (DAST) refers to testing an application for security flaws while it is running. The technique involves a vulnerability scanner that simulates external attacks on the application by checking its interfaces during operation.
DAST applies automated functions to simulate malicious attacks on an application and identifies results that are outside an expected set of results. Examples of scans include sending spurious data to uncover common injection flaws. It tests all HTTP and HTML access points by emulating random actions and possible user actions to find whether errors lead to security vulnerabilities or unexpected operation.
Security experts often need to write scripts to fine-tune DAST methods for different types of applications and requires a solid understanding of how the app works as well as how it is used. They must also must have knowledge about web servers, application servers, databases, access control lists and application traffic flow to use DAST effectively.
