[QA.ST.5] Evaluate runtime security with dynamic application security testing
Category: FOUNDATIONAL
While other forms of security testing identify potential vulnerabilities in code that hasn't been run, dynamic application security testing (DAST) detects vulnerabilities in a running application. DAST works by simulating real-world attacks against the application while it is running, which uncovers security flaws that may not be detectable through static testing. By proactively uncovering security weaknesses during runtime, DAST reduces the likelihood of vulnerabilities being exploited in production environments.
Begin by choosing a DAST tool that offers broad vulnerability coverage, including recognition of threats listed in the OWASP Top 10.
Related information: