DAST (Dynamic Application Security Testing)

Imagine you've built your dream house and now you want to make sure it's safe and secure to live in. You might not only inspect the structure but also test how it responds to different situations, like opening and closing doors, turning on lights, and checking for any unexpected reactions. In the world of software development, DAST is like testing your software application to see how it behaves in real-world scenarios, especially when it's running.

Here's how it works

  • Dynamic: Unlike SAST, which looks at the code itself, DAST interacts with the running application. It's like actually walking through your house, testing each room to see if everything works as expected.

  • Application: Just like with SAST, this refers to the software you're developing, whether it's a website, a mobile app, or any other type of software.

  • Security Testing: Again, DAST focuses on security issues, but it evaluates how the application behaves when it's live and accessible to users.

Now, let's delve into why DAST is important and how it's done

  • Real-world Testing: DAST simulates real-world attacks on your application. It's like having someone try to break into your house to see if they can find any weak spots in your security measures.

  • Identifying Vulnerabilities in Running Applications: While SAST is great for finding potential issues in the code, DAST looks for vulnerabilities that might only appear when the application is running. This could include things like authentication bypasses, session management flaws, or insecure configurations.

  • Testing the Entire Application Stack: DAST doesn't just focus on the code; it tests the entire application stack, including the web server, database, and any other components that make up the application. This provides a more comprehensive view of potential security risks.

  • Scanning from Outside the Codebase: Since DAST interacts with the running application from the outside, it can identify issues that might not be apparent from just looking at the code. It's like testing the locks on your doors and windows to make sure they can't be easily bypassed.

  • Continuous Monitoring: DAST can be used to continuously monitor your application for security vulnerabilities, helping you stay on top of emerging threats and vulnerabilities even after the software is deployed.

  • Complementary to SAST: DAST complements SAST by providing a different perspective on security testing. While SAST looks at the code itself, DAST evaluates how the application behaves in the real world.
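A minimal DAST-style check, added here as an illustration (it is not code from the original page): it looks only at what a running application sends back, flagging insecure configuration (missing security headers) and session-management weaknesses (session cookies set without Secure, HttpOnly or SameSite). The sample responses are constructed so the checks run offline; `scan_url` is the part that would be pointed at a live test instance.

```python
"""DAST-style check of a running app's HTTP responses for insecure
configuration and session-cookie flaws (added example; stdlib only)."""
from http.cookies import SimpleCookie
from urllib.request import Request, urlopen

# Headers a defender expects on an HTTPS web application (lower-cased).
REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS missing: downgrade/stripping risk",
    "content-security-policy": "CSP missing: script sources unrestricted",
    "x-content-type-options": "nosniff missing: MIME sniffing possible",
}

def check_headers(headers):
    """Return a finding for each required header absent from the response."""
    present = {k.lower() for k in headers}
    return [msg for name, msg in REQUIRED_HEADERS.items() if name not in present]

def check_cookies(set_cookie_lines):
    """Flag cookies set without Secure, HttpOnly or SameSite attributes."""
    findings = []
    for line in set_cookie_lines:
        jar = SimpleCookie()
        jar.load(line)
        for name, morsel in jar.items():
            for attr in ("secure", "httponly", "samesite"):
                if not morsel[attr]:            # "" when the attribute is absent
                    findings.append(f"cookie {name}: missing {attr}")
    return findings

def scan_url(url, timeout=10):
    """The dynamic part: fetch a live page and run both checks on it."""
    with urlopen(Request(url), timeout=timeout) as resp:
        headers = dict(resp.headers.items())
        cookies = resp.headers.get_all("Set-Cookie") or []
    return check_headers(headers) + check_cookies(cookies)

# Constructed sample responses (not captured from any real application).
WEAK_HEADERS = {"Content-Type": "text/html", "Server": "example"}
WEAK_COOKIES = ["sessionid=abc123; Path=/"]
HARDENED_HEADERS = {**WEAK_HEADERS,
    "Strict-Transport-Security": "max-age=31536000",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
}
HARDENED_COOKIES = ["sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]

if __name__ == "__main__":
    print(check_headers(WEAK_HEADERS) + check_cookies(WEAK_COOKIES))          # 6 findings
    print(check_headers(HARDENED_HEADERS) + check_cookies(HARDENED_COOKIES))  # []
```

Because the checks never read source code, the same script gives the same answer whatever language or framework produced the response, which is exactly the outside-in view the bullets above describe.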

Overall, DAST is an important tool for developers and security professionals, helping them identify and mitigate security risks in their applications by testing how they behave when they're live and accessible to users. Just like you wouldn't want to live in a house with weak locks or faulty alarms, you wouldn't want to deploy software without first ensuring its security through tools like DAST.