What is DAST?

Last updated: Mar 16, 2026

Dynamic application security testing (DAST) is a security testing technique for detecting security vulnerabilities in a running application.

Unlike static application security testing , DAST does not require access to the source code. Instead, it uses various attack vectors, probing the application for weaknesses in its configuration, data handling, and business logic. This approach helps uncover vulnerabilities that malicious hackers might exploit in their interaction with the application from the user’s side, and which might be missed by looking only at source code.

To learn more about Fluid Attacks’ DAST capabilities, refer to the following resources in this documentation:

Security requirements verified with DAST: Learn what the currently supported technology is and the security requirements that are tested:
- DNS : Test the security of your Domain Name System records.
- HTTP : Examine web application security by analyzing HTTP requests and responses.
- SSL : Evaluate the strength and configuration of your SSL/TLS certificates and encryption protocols.
Configure the tests by the standalone scanner: Perform DAST with Fluid Attacks’ free and open-source command-line interface (CLI) tool.
Sign up to Fluid Attacks : Start the free trial of Fluid Attacks’ DAST and other automated techniques. In this SaaS option, the scanner is configured for you so it continuously monitors your system’s security as you develop, and Fluid Attacks provides you with reports , analytics , and remediation suggestions on its platform .

Search for vulnerabilities in your apps for free with Fluid Attacks’ automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan . If you prefer the Advanced plan, which includes the expertise of Fluid Attacks’ hacking team, fill out this contact form .