What is Dynamic Application Security Testing (DAST)?

Definition

DAST

What is Dynamic Application Security Testing?

A black-box security testing technique that analyzes a running application from the outside by sending malicious inputs and observing its responses, without access to source code. DAST tools simulate real-world attacks against live systems, identifying vulnerabilities that only manifest at runtime — such as injection flaws, authentication weaknesses, and server misconfigurations. DAST complements SAST by finding issues that static analysis cannot detect.

A white-box security testing approach that analyzes application source code, bytecode, or compiled binaries for vulnerability patterns without executing the program.

Penetration Testing →

A structured, authorized simulation of a real-world cyberattack against a system, network, or application with the goal of identifying exploitable vulnerabilities before malicious actors do.

Vulnerability Assessment →

A systematic process of identifying, classifying, and prioritizing security weaknesses in a system without attempting to exploit them.

CI/CD Security →

The practice of integrating automated security testing and policy enforcement directly into software build and deployment pipelines.

Put this into practice

CI/CD penetration testing →

See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.

What is Dynamic Application Security Testing?

Related terms