Dynamic application security testing (DAST) is a method for ensuring application security that focuses on analyzing applications once they are running in production and being used. This approach to security testing is sometimes referred to as a ‘black box’ test because analysts do not have access to the software’s source code or application architecture; rather, it aims to simulate the techniques that a malicious actor would use to penetrate the software in order to discover any vulnerabilities.
The DAST approach to security looks particularly at input/output validation issues by using a wide range of spurious inputs to determine how an application reacts in order to identify the potential for scripting and SQL injection attacks among others. It is also used to identify potential configuration errors that could leave the software vulnerable as well as other potential user mistakes that make the software behave in unexpected ways.
