What is DAST?
Last updated: Jun 3, 2026
Dynamic application security testing (DAST) is a security testing technique for detecting security vulnerabilities in a running application.
Unlike static application security testing, DAST does not require access to the source code. Instead, it uses various attack vectors, probing the application for weaknesses in its configuration, data handling, and business logic. This approach helps uncover vulnerabilities that malicious pentesters might exploit in their interaction with the application from the user's side, and which might be missed by looking only at source code.
To learn more about Fluid Attacks' DAST capabilities, refer to the following resources in this documentation:
- Security requirements verified with DAST: Learn what the currently supported technology is and the security requirements that are tested:
- Configure the tests by the standalone scanner: Perform DAST with Fluid Attacks' command-line interface (CLI) tool.
- Sign up to Fluid Attacks: Start the free trial of Fluid Attacks' DAST and other automated techniques. The scanner is configured for you so it continuously monitors your system's security as you develop, and Fluid Attacks provides you with reports, analytics, and remediation suggestions on its platform.
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
What is SCA?
The Fluid Attacks scanner does software composition analysis, SCA, a technique for detecting open-source packages with security vulnerabilities in applications.
What is CSPM?
Fluid Attacks' CSPM scanner detects misconfigurations and security issues in cloud environments, IaC scripts, and container images through automated cloud security posture management.