Sunday, August 16, 2020
DAST - Dynamic Analysis Security Testing
As opposed to SAST, Dynamic Analysis Security Testing or DAST is a form of black-box testing. It is performed while the application is running. It is normally run using a tool that scans the web application and sends attack requests to it.
OWASP Zed Attack Proxy (ZAP) is the world's most popular free DAST tool. You can input your home URL into the tool and allow it to scan and attack your web application. You can also provide parameters or authentication credentials so that the tool can continue past the login page and detect vulnerabilities deeper in your web application. It also allows user interaction combined with the tool to complement the DAST testing: ZAP sits as a proxy and checks whether any web page the user accesses contains vulnerabilities. The report provides the CWE (Common Weakness Enumeration) ID, description, solution and reference for each finding. It is so handy that you can assess the reported vulnerabilities and take the necessary steps to fix them.
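To show what "assess and take the necessary steps" looks like in practice, here is an added example (not from the original post, and not ZAP's own code) that reads a ZAP JSON report, such as the one `zap-baseline.py -J report.json` writes, groups the alerts by risk level and CWE ID, and returns the findings at or above a chosen risk so a build can be failed on them. The report embedded below is constructed by hand in the shape of a ZAP JSON report (only the fields the script reads are filled in); the host name `target.example` and the alert texts are sample values, not results of a real scan.

```python
import json
from collections import Counter

# Constructed sample in the layout of a ZAP JSON report. The site name, URIs and
# descriptions are made up for this example; they are not real scan output.
SAMPLE_REPORT = json.dumps({
    "@version": "2.9.0",
    "site": [{
        "@name": "http://target.example",
        "alerts": [
            {"alert": "Cross Site Scripting (Reflected)", "riskcode": "3",
             "confidence": "2", "riskdesc": "High (Medium)", "cweid": "79",
             "desc": "Reflected input is written into the page without encoding.",
             "solution": "Validate input and output-encode data written into HTML.",
             "reference": "https://owasp.org/www-community/attacks/xss/",
             "instances": [{"uri": "http://target.example/search?q=test",
                            "method": "GET", "param": "q"}]},
            {"alert": "X-Frame-Options Header Not Set", "riskcode": "2",
             "confidence": "2", "riskdesc": "Medium (Medium)", "cweid": "16",
             "desc": "The response does not set an anti-clickjacking header.",
             "solution": "Send X-Frame-Options or a CSP frame-ancestors directive.",
             "reference": "https://owasp.org/www-community/attacks/Clickjacking",
             "instances": [{"uri": "http://target.example/", "method": "GET", "param": ""},
                           {"uri": "http://target.example/login", "method": "GET", "param": ""}]},
            {"alert": "Cookie Without Secure Flag", "riskcode": "1",
             "confidence": "2", "riskdesc": "Low (Medium)", "cweid": "614",
             "desc": "A cookie was set without the Secure attribute.",
             "solution": "Set the Secure attribute on cookies sent over HTTPS.",
             "reference": "https://owasp.org/www-community/controls/SecureCookieAttribute",
             "instances": [{"uri": "http://target.example/login", "method": "POST",
                            "param": "sessionid"}]},
        ],
    }],
})

# ZAP encodes risk as a string code in the report; map it to the label shown in the UI.
RISK_NAMES = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}


def load_alerts(report_text):
    """Flatten every alert from every scanned site into one list of dicts."""
    report = json.loads(report_text)
    alerts = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            alerts.append({
                "site": site.get("@name", ""),
                "name": alert.get("alert", ""),
                "risk": RISK_NAMES.get(str(alert.get("riskcode", "0")), "Informational"),
                "riskcode": int(alert.get("riskcode", 0)),
                "cweid": str(alert.get("cweid", "")),
                "solution": alert.get("solution", ""),
                "reference": alert.get("reference", ""),
                # One alert can cover many URLs; keep the count for prioritisation.
                "instances": len(alert.get("instances", [])),
            })
    return alerts


def summarize(alerts):
    """Count alerts per risk level and per CWE ID, which is how a team triages a report."""
    return {
        "by_risk": dict(Counter(a["risk"] for a in alerts)),
        "by_cwe": dict(Counter(a["cweid"] for a in alerts)),
        "total": len(alerts),
    }


def failing_alerts(alerts, min_riskcode=2):
    """Return alerts at or above the threshold (default Medium), highest risk first.

    This is the list a CI gate would print and fail the build on.
    """
    return sorted((a for a in alerts if a["riskcode"] >= min_riskcode),
                  key=lambda a: (-a["riskcode"], a["name"]))


if __name__ == "__main__":
    found = load_alerts(SAMPLE_REPORT)
    print(summarize(found))
    for a in failing_alerts(found):
        print(f"[{a['risk']}] CWE-{a['cweid']} {a['name']} ({a['instances']} URL(s))")
        print(f"    fix: {a['solution']}")
```

In a pipeline you would run the scan against a test deployment, feed the real report file to `load_alerts`, and treat a non-empty `failing_alerts` result as a failed build; the CWE grouping is useful because several alerts often share one root cause (for example a missing response header set in one place).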