DAST
ELI5 — The Vibe Check
DAST attacks your running application to find vulnerabilities — like hiring a friendly hacker to poke at your website. It doesn't read your code; it sends weird requests and sees what breaks. SAST reads the recipe for problems; DAST actually tastes the food and checks if it's poisoned.
Real Talk
Dynamic Application Security Testing probes running applications from the outside by sending crafted requests to discover vulnerabilities like XSS, SQL injection, CSRF, and misconfigurations. It's language-agnostic since it tests the HTTP interface. Tools include OWASP ZAP, Burp Suite, and Nuclei.
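To make the "probes from the outside" idea concrete, here is an added example (written for this entry, not code from ZAP, Burp Suite or Nuclei). It starts a tiny local web app with two constructed endpoints, one that reflects user input unescaped and one that escapes it and sets security headers, then scans both the way a DAST tool would: send a crafted request, look only at the HTTP response, never at the source. The probe marker, the endpoint paths and the header baseline are assumptions made for the example.

```python
"""Minimal DAST-style probe (added illustration, not a real scanner).

A small local HTTP server plays the target; scan() tests it black-box.
"""
import html
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Harmless marker; a DAST check looks for it echoed back unencoded (assumed value).
PROBE = '<dast-probe id="7">'

# Response headers the scan expects on every page (assumed baseline for the demo).
EXPECTED_HEADERS = (
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "X-Frame-Options",
)


class DemoApp(BaseHTTPRequestHandler):
    """Constructed target: /search reflects ?q raw, /safe escapes it and adds headers."""

    def do_GET(self):
        url = urllib.parse.urlparse(self.path)
        q = urllib.parse.parse_qs(url.query).get("q", [""])[0]
        if url.path == "/search":   # vulnerable: unescaped reflection, no security headers
            body = f"<p>Results for {q}</p>"
            extra = {}
        elif url.path == "/safe":   # hardened: HTML-escaped output plus security headers
            body = f"<p>Results for {html.escape(q)}</p>"
            extra = {
                "Content-Security-Policy": "default-src 'self'",
                "X-Content-Type-Options": "nosniff",
                "X-Frame-Options": "DENY",
            }
        else:
            self.send_error(404)
            return
        data = body.encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        for name, value in extra.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # silence per-request logging
        pass


def start_server():
    """Serve DemoApp on an ephemeral localhost port; return (server, base_url)."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def scan(base_url, path):
    """Black-box probe of one endpoint; returns a list of finding strings."""
    findings = []
    url = f"{base_url}{path}?" + urllib.parse.urlencode({"q": PROBE})
    with urllib.request.urlopen(url, timeout=5) as resp:
        body = resp.read().decode("utf-8", "replace")
        headers = resp.headers
    # Reflected XSS signal: the raw marker came back inside an HTML response.
    if PROBE in body and "text/html" in headers.get("Content-Type", ""):
        findings.append("reflected-xss")
    # Security-header check: report each expected header that is absent.
    for name in EXPECTED_HEADERS:
        if headers.get(name) is None:
            findings.append(f"missing-header:{name}")
    return findings


if __name__ == "__main__":
    srv, base = start_server()
    try:
        for p in ("/search", "/safe"):
            print(p, scan(base, p) or "clean")
    finally:
        srv.shutdown()
```

Run it and `/search` reports a reflected-XSS finding plus three missing headers while `/safe` comes back clean; note that the scanner never learned which language or framework served the pages, which is exactly why DAST is language-agnostic. The same black-box approach is what lets it catch a template-level XSS that a source scan can miss.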
When You'll Hear This
"DAST found an XSS vulnerability that SAST missed because it was in a template." / "We run DAST against our staging environment before every release."
Related Terms
OWASP
OWASP (Open Web Application Security Project) is the internet's biggest security club.
Penetration Testing
Penetration testing (pentesting) is hiring ethical hackers to try to break into your own systems before the real bad guys do.
SAST
SAST scans your source code for security bugs WITHOUT running it.
Security Headers
Security Headers are HTTP response headers that tell browsers "here's how to protect my users."