What is Dynamic Application Security Testing?

A black-box security testing technique that analyzes a running application from the outside by sending malicious inputs and observing its responses, without access to source code. DAST tools simulate real-world attacks against live systems, identifying vulnerabilities that only manifest at runtime — such as injection flaws, authentication weaknesses, and server misconfigurations. DAST complements SAST by finding issues that static analysis cannot detect.

Related terms