Dynamic Application Security Testing

GPTKB entity

Statements (50)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | security testing methodology |
| gptkbp:abbreviation | gptkb:DAST |
| gptkbp:analyzes | applications in real-time |
| gptkbp:canAutomate | yes |
| gptkbp:category | black-box testing |
| gptkbp:compatibleWith | access to source code |
| gptkbp:complement | gptkb:Static_Application_Security_Testing |
| | gptkb:Interactive_Application_Security_Testing |
| gptkbp:detects | gptkb:cross-site_scripting |
| | SQL injection |
| | authentication issues |
| | authorization issues |
| | runtime vulnerabilities |
| | server misconfigurations |
| gptkbp:focusesOn | identifying vulnerabilities in running applications |
| gptkbp:goal | find vulnerabilities before deployment |
| https://www.w3.org/2000/01/rdf-schema#label | Dynamic Application Security Testing |
| gptkbp:integratesWith | CI/CD pipelines |
| gptkbp:limitation | may generate false positives |
| | may miss business logic flaws |
| | requires running application |
| gptkbp:notableTool | gptkb:Burp_Suite |
| | gptkb:AppScan |
| | gptkb:OWASP_ZAP |
| | gptkb:Acunetix |
| | gptkb:Netsparker |
| gptkbp:output | security reports |
| | vulnerability findings |
| gptkbp:partOf | software development lifecycle |
| gptkbp:performedAt | application runtime |
| gptkbp:performedBy | security professionals |
| | automated tools |
| gptkbp:recognizedBy | security misconfigurations |
| | improper error handling |
| | exposed sensitive data |
| | insecure communications |
| gptkbp:relatedStandard | gptkb:OWASP |
| | gptkb:NIST |
| gptkbp:requires | test environment |
| | deployed application |
| gptkbp:scope | network communications |
| | external interfaces |
| | user inputs |
| gptkbp:usedBy | gptkb:DevSecOps_teams |
| | QA teams |
| | penetration testers |
| gptkbp:usedFor | web application security |
| | API security |
| gptkbp:bfsParent | gptkb:File_Inclusion_Attacks |
| gptkbp:bfsLayer | 5 |