Dynamic Application Security Testing

What is Dynamic Application Security Testing?

Dynamic application security testing (DAST) is a black-box test, working from the outside in, designed to detect security vulnerabilities in an application’s running state. DAST is good at finding externally visible vulnerabilities in the interfaces of web applications, and it makes findings easy to confirm by providing the URLs involved. The downside of DAST is its heavy reliance on experts to write tests, which makes it difficult to scale.

DAST security requires dynamic application security testing tools that automate security tests for a variety of real-world threats. DAST can test the exposed HTTP and HTML interfaces of web-enabled applications. More advanced solutions are designed specifically to check things such as remote procedure calls, Session Initiation Protocol (SIP), and so on. There are similarities between DAST tools and other application security solutions, but most other technologies perform internal tests and code analysis rather than focusing on black-box testing.
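To make the outside-in idea concrete, here is an added example (not from the original page or any vendor's tool) of a passive black-box check: it sends ordinary GET requests to a running application and reports each finding together with the URL that confirms it. The `DemoApp` server, its paths, and the header policy are constructed assumptions for this sketch.

```python
import http.server
import threading
import urllib.request

class DemoApp(http.server.BaseHTTPRequestHandler):
    """Constructed sample target; stands in for the running app under test."""
    def do_GET(self):
        self.send_response(200)
        if self.path == "/login":
            # Constructed weakness: session cookie lacks HttpOnly and Secure
            self.send_header("Set-Cookie", "session=demo; Path=/")
        else:
            self.send_header("X-Content-Type-Options", "nosniff")
            self.send_header("Content-Security-Policy", "default-src 'self'")
        self.end_headers()
        self.wfile.write(b"<html><body>demo</body></html>")
    def log_message(self, *args):  # keep the demo quiet
        pass

# Assumed policy for this example: headers every response must carry
REQUIRED_HEADERS = ("X-Content-Type-Options", "Content-Security-Policy")
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

def scan(base_url, paths):
    """Outside-in check: plain GETs, judged only on what the response exposes."""
    findings = []
    for path in paths:
        url = base_url + path
        with DIRECT.open(url, timeout=5) as resp:
            headers = resp.headers
        findings += [(url, f"missing {h}") for h in REQUIRED_HEADERS if h not in headers]
        for cookie in headers.get_all("Set-Cookie") or []:
            attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
            missing = [f for f in ("httponly", "secure") if f not in attrs]
            findings += [(url, f"cookie without {f}") for f in missing]
    return findings

def run_demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = f"http://127.0.0.1:{server.server_port}"
        return base, scan(base, ["/", "/login"])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(*run_demo()[1], sep="\n")
```

The scanner never reads the application's source; every finding is a (URL, issue) pair that a reviewer can re-request to confirm.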

Contrast Community Edition

Release Secure Software Faster... No Security Expertise Needed!

Meet software delivery deadlines and security mandates. Contrast Community Edition for Java applications, .NET Core (and .NET Framework coming soon), and APIs delivers security-as-code that protects your software against the most common security flaws. With Contrast, you can remediate vulnerabilities early in the SDLC and monitor and defend against attacks on production applications.