DevOps Dictionary

DAST (Dynamic Application Security Testing)

DAST (Dynamic Application Security Testing) is an automated security testing method that probes a live, running application from the outside, interacting with it over the network the way a real user or attacker would. It targets vulnerabilities that only show up at runtime, such as injection issues, broken authentication and authorization, insecure session handling, and misconfigurations in routing, middleware, or headers. At a high level, a DAST tool crawls the app to discover reachable pages and endpoints, sends crafted HTTP requests with unexpected inputs, and analyzes responses, redirects, errors, and timing to infer exploitable weaknesses without needing access to source code.

With DAST, teams can validate what is actually exposed in a deployed environment and catch exploitable flaws before release; without it, runtime and configuration-driven weaknesses can slip past code review and static scanning and surface later as incidents, outages, or data exposure. This gap exists because many security behaviors depend on deployment settings and real request handling, not just the code.
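The crawl and response-analysis steps described above, as an added example that is not from the original entry or any DAST product: it starts a constructed local app, follows its links, and reports missing security headers and cookie flags seen only in live responses. The page contents, the `REQUIRED` header policy, and all function names are assumptions made for illustration.

```python
import re
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
# Constructed sample app: "/" sets hardening headers, "/account" does not.
PAGES = {
    "/": (b'<a href="/account">account</a>',
          {"Content-Security-Policy": "default-src 'self'", "X-Content-Type-Options": "nosniff"}),
    "/account": (b"<p>profile</p>", {"Set-Cookie": "sid=constructed; Path=/"}),
}
REQUIRED = ("Content-Security-Policy", "X-Content-Type-Options")  # assumed policy
class App(BaseHTTPRequestHandler):
    def do_GET(self):
        body, headers = PAGES.get(self.path, (b"not found", {}))
        self.send_response(200 if self.path in PAGES else 404)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def scan(host, port):
    """Crawl same-site links starting at "/" and return {path: [findings]}."""
    findings, queue = {}, ["/"]
    while queue:
        path = queue.pop()
        if path in findings:
            continue
        conn = HTTPConnection(host, port, timeout=5)
        conn.request("GET", path)
        resp = conn.getresponse()
        html = resp.read().decode("utf-8", "replace")
        conn.close()
        # Runtime checks: these depend on how the app is deployed, not only on its code.
        issues = [f"missing {h}" for h in REQUIRED if resp.getheader(h) is None]
        for cookie in resp.headers.get_all("Set-Cookie", []):
            flags = {part.strip().lower() for part in cookie.split(";")[1:]}
            issues += [f"cookie lacks {f}" for f in ("httponly", "secure") if f not in flags]
        findings[path] = issues
        queue += re.findall(r'href="(/[^"]*)"', html)  # discover linked pages
    return findings

def run_demo():
    """Serve the constructed app on a free loopback port and scan it."""
    with HTTPServer(("127.0.0.1", 0), App) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return scan("127.0.0.1", server.server_port)
        finally:
            server.shutdown()
```

The `/account` page is reachable only through the link on `/`, so its findings appear only because the crawl discovered it.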
