
DAST (Dynamic Application Security Testing)


DAST (Dynamic Application Security Testing) tests running web applications for security vulnerabilities by simulating real attacks. Unlike static analysis (SAST), DAST works without access to source code and tests the application from an attacker’s perspective.

Common checks include SQL injection, cross-site scripting (XSS), insecure headers, and flawed authentication. DAST tools such as OWASP ZAP or Burp Suite integrate into CI/CD pipelines for automated scanning with each deployment. Since DAST only works at runtime, it complements SAST and SCA to form a comprehensive application security strategy.
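As an added illustration (not code from this page, and not how OWASP ZAP or Burp Suite are implemented), the sketch below runs one passive check of the kind named above, insecure headers, against a running application using only its HTTP responses. The `DemoApp` target, the `REQUIRED` header baseline and the function names are assumptions constructed for the example.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed baseline: header name -> required value (None = any value accepted).
REQUIRED = {
    "Content-Security-Policy": None,
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": None,
}

class DemoApp(BaseHTTPRequestHandler):
    """Constructed target: sets one header correctly and omits the others."""
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("X-Content-Type-Options", "nosniff")
        self.end_headers()
        self.wfile.write(b"<h1>demo</h1>")

    def log_message(self, *args):  # suppress per-request logging
        pass

def check_headers(url):
    """Request the running app and return a list of header findings."""
    # Empty ProxyHandler: ignore proxy environment variables for the local target.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url, timeout=5) as resp:
        headers = resp.headers
    findings = []
    for name, expected in REQUIRED.items():
        value = headers.get(name)
        if value is None:
            findings.append(f"missing {name}")
        elif expected and value.strip().lower() != expected:
            findings.append(f"weak {name}: {value}")
    return findings

def scan_demo():
    """Start the constructed app on a free local port, scan it, stop it."""
    server = HTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_headers(f"http://127.0.0.1:{server.server_port}/")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    results = scan_demo()
    print("\n".join(results) or "no findings")
    raise SystemExit(1 if results else 0)  # non-zero exit fails a CI job
```

The check never reads the application's source; it only observes what the deployed service returns, which is why the same gate can run after each deployment.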