DAST (Dynamic Application Security Testing) is a type of black-box application testing that can test applications while they are running. When testing an application with DAST you don’t need to have access to the source code to find vulnerabilities. In order to find vulnerabilities using a DAST tool, your application must be installed on a web server, a virtual machine, or a container, and it must be running during the analysis. DAST software tests the HTTP and HTML interfaces of applications that attackers would use to break into a service. The DAST tool also proxies your web application’s communications, putting itself between the browser (front-end) and server (backend). A DAST penetration test helps you find those vulnerabilities before an attacker does.
Running static checks (SAST) on your code is the first step in detecting vulnerabilities that can put the security of your code at risk. Yet, once deployed, your application is exposed to a new category of possible attacks, such as cross-site scripting or broken authentication flaws. This is where Dynamic Application Security Testing (DAST) comes into play.
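The black-box idea described above, as an added example that is not CloudDefense code: the script starts a small constructed web application on a loopback port, requests it over HTTP without reading its source, and runs passive checks on the live response. The `DemoApp` target, the header list and the cookie checks are assumptions chosen for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed target: a tiny login page standing in for the deployed application.
class DemoApp(BaseHTTPRequestHandler):
    def do_GET(self):
        body = b"<html><form method='post'><input name='user'></form></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Set-Cookie", "session=abc123; Path=/")  # no HttpOnly/Secure
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass

# Assumed check list for this example: headers that limit script injection and framing.
REQUIRED_HEADERS = ("Content-Security-Policy", "X-Content-Type-Options", "X-Frame-Options")

def analyze_response(headers, cookies):
    """Passive checks on one response: headers is a dict, cookies a list of Set-Cookie values."""
    present = {k.lower() for k in headers}
    findings = [f"missing header: {h}" for h in REQUIRED_HEADERS if h.lower() not in present]
    for cookie in cookies:
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {name} lacks {flag}")
    return findings

def scan_running_app():
    """Start the demo app on a free loopback port and analyze what it actually serves."""
    server = HTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        resp.read()
        return analyze_response(dict(resp.getheaders()), resp.headers.get_all("Set-Cookie") or [])
    finally:
        conn.close()
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("\n".join(scan_running_app()))
```

Run against the demo app, the scan reports the three missing headers and the two missing cookie flags, none of which a static check of application logic alone would confirm for the deployed response.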
CloudDefense SCA supports most popular languages, and support for more languages continues to be added regularly. If you need support for a language we do not support yet, please reach out to firstname.lastname@example.org so we can share upcoming launch dates with you.