What is DAST?
DAST (dynamic application security testing) is a security testing process that evaluates a running application, typically a web application, in real time to detect vulnerabilities that could be exploited during its operation. Unlike static analysis, which examines application code without executing it, DAST focuses on the application’s behavior and data flow while it runs, usually from an outsider’s perspective with no visibility into the underlying code: the tool sends inputs and inspects responses, just as a user or attacker would.
A DAST tool could be used to do the following:
- Test for SQL injection vulnerabilities by sending specially crafted input to application forms or URL parameters to see if the app inadvertently executes those inputs as part of a SQL query. If it does, an attacker could potentially access, modify, or delete data from the database.
- Check for cross-site scripting (XSS) by attempting to insert malicious scripts into inputs. If successful, when this input is reflected to a user without being properly sanitized, the script can run...
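To make the two checks above concrete, the following added example (not code from the original page or from any DAST product) builds two in-process stand-ins for web handlers, one that reflects input unencoded and one that HTML-encodes it, plus two lookup handlers, one that concatenates input into SQL and one that binds it as a parameter. The "scanner" functions only send inputs and inspect the returned response bodies, which is the black-box stance DAST takes. The endpoints, the canary string and the `200`/`500` response prefixes are constructed assumptions for the demonstration.

```python
import html
import sqlite3

# Constructed stand-ins for HTTP handlers (assumption: each takes one request
# parameter and returns a response body). The checks further down never look
# at this code, only at what the handlers return.

def search_vulnerable(q: str) -> str:
    # Reflects the query back into the page without encoding: reflected-XSS pattern.
    return f"<p>Results for: {q}</p>"

def search_hardened(q: str) -> str:
    # Same page, but the input is HTML-encoded before it reaches the browser.
    return f"<p>Results for: {html.escape(q, quote=True)}</p>"

def _db() -> sqlite3.Connection:
    # Constructed in-memory database with two sample users.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice'), ('bob')")
    return conn

def lookup_vulnerable(name: str) -> str:
    # Builds the statement by string concatenation: SQL-injection pattern.
    conn = _db()
    try:
        rows = conn.execute(
            f"SELECT name FROM users WHERE name = '{name}'").fetchall()
    except sqlite3.Error as exc:
        return f"500 database error: {exc}"   # error detail leaks to the client
    return f"200 {len(rows)} match(es)"

def lookup_hardened(name: str) -> str:
    # Parameterised query: the input is bound as data and never parsed as SQL.
    conn = _db()
    rows = conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()
    return f"200 {len(rows)} match(es)"

# DAST-style checks: submit an input, observe the response, report a finding.

# Constructed marker containing the characters an encoder must neutralise.
XSS_CANARY = "dastcanary<>\"'"

def check_reflection(endpoint) -> dict:
    """Reflected-XSS check: is the canary echoed back with its metacharacters intact?"""
    body = endpoint(XSS_CANARY)
    return {"reflected_unencoded": XSS_CANARY in body}

def check_sql_error(endpoint) -> dict:
    """Error-based SQL-injection check: does a lone quote turn a 200 into a server error?"""
    baseline = endpoint("alice")
    probed = endpoint("alice'")   # a single quote breaks a concatenated statement
    return {
        "baseline_ok": baseline.startswith("200"),
        "error_on_quote": probed.startswith("500"),
    }

def run_scan() -> dict:
    """Run both checks against the vulnerable and hardened handlers."""
    return {
        "xss_vulnerable": check_reflection(search_vulnerable)["reflected_unencoded"],
        "xss_hardened": check_reflection(search_hardened)["reflected_unencoded"],
        "sqli_vulnerable": check_sql_error(lookup_vulnerable)["error_on_quote"],
        "sqli_hardened": check_sql_error(lookup_hardened)["error_on_quote"],
    }

if __name__ == "__main__":
    for finding, flagged in run_scan().items():
        print(f"{finding}: {'FINDING' if flagged else 'clean'}")
```

The point of the side-by-side handlers is that the scanner cannot tell them apart by reading code; it distinguishes them purely by behaviour, which is why the fix for a DAST finding is in the application (output encoding, parameterised queries), not in the scanner's configuration. A real tool also compares status codes, response timing and page structure rather than a single string prefix, but the decision logic is the same.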