loading
Loading content
loading
Also known as DAST
Dynamic application security testing (DAST) tests an application while it runs, treating it as a black box. The scanner crawls the app to learn its endpoints and parameters, then sends crafted requests, malformed input, injection payloads, manipulated tokens, and watches the responses for signs of a flaw. Because it needs no source code, DAST tests the application as an attacker reaches it, including the deployed configuration and runtime behavior that static review never sees.
DAST matters because it finds the issues that surface only at runtime: injection, authentication weaknesses, exposed endpoints, and broken error handling. It carries a known tradeoff. False positives need triage, and a crawler that misses authenticated or JavaScript-heavy areas leaves blind spots, so DAST complements rather than replaces manual testing and code-level review.
DAST is a focused form of vulnerability scanning aimed at web application security, and it leans on web crawling to map coverage before it attacks. Findings often feed a deeper penetration testing effort.
In a Trickest workflow you can gate DAST behind discovery: enumerate live web hosts, crawl each one, then run scanning nodes against the mapped endpoints and aggregate findings so a large estate gets consistent coverage on every run.
Related terms