Dynamic Application Security Testing (DAST) refers to the use of a software tool that interacts with a web application’s front end to test it for potential security vulnerabilities or weaknesses in its architecture. Such tools do not access the application’s source code and thus only assess vulnerabilities that occur when an attack is being performed. DAST tools provide sophisticated test scans that detect vulnerabilities related to query strings, fragments, headers and DOM injection, which can only be detected once the application has been deployed.
This type of testing is particularly effective when an application is deployed in a new environment with new settings. Different configurations on the application server, for example, can lead to security issues, as can incorrect assumptions about a new hosting environment. DAST can identify these errors, which are otherwise almost impossible to reproduce by examining the application’s source code.
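
The configuration point above, as an added example that is not part of the original page: the same application code sits behind two constructed server configurations, and a black-box check that sees only the HTTP response reports the headers the new environment fails to set. The header policy, the function names and both configurations are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Constructed policy: response headers the check expects on every page.
REQUIRED = {
    "content-security-policy",
    "x-content-type-options",
    "strict-transport-security",
}

def app(environ, start_response):
    """Application code: byte-for-byte identical in both deployments."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<h1>ok</h1>"]

def deploy(application, server_headers):
    """Model the server or proxy layer, which adds headers from its own config."""
    def deployed(environ, start_response):
        def with_server_headers(status, headers, exc_info=None):
            return start_response(status, headers + list(server_headers), exc_info)
        return application(environ, with_server_headers)
    return deployed

def scan(target, path="/"):
    """Black-box check: send one request and inspect only the response."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["headers"] = {name.lower(): value for name, value in headers}
    b"".join(target(environ, start_response))  # drain the response body
    return sorted(REQUIRED - set(seen["headers"]))

# Constructed configurations: the original host and a new hosting environment.
hardened = deploy(app, [
    ("Content-Security-Policy", "default-src 'self'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Strict-Transport-Security", "max-age=31536000"),
])
new_env = deploy(app, [("X-Content-Type-Options", "nosniff")])

if __name__ == "__main__":
    for name, target in (("hardened", hardened), ("new_env", new_env)):
        print(name, "missing:", scan(target) or "none")
```

Reading the source of `app` would show no difference between the two deployments; only the response observed at runtime does.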