DAST (Dynamic Application Security Testing)
Also known as: Dynamic analysis, Black-box security testing
Definition
Black-box security testing that probes a running application over the network, without access to its source code, to find vulnerabilities that are only visible at runtime, such as injection, authentication and session flaws, and server or framework misconfigurations.
Examples
- Running an OWASP ZAP automated scan against a staging API as a CI job.
- Performing a Burp Suite scan with an authenticated session against a SPA.
Related terms
SAST (Static Application Security Testing)
Automated analysis of source code, bytecode or binaries — without executing it — to find security weaknesses such as injection, unsafe APIs or insecure crypto.
IAST (Interactive Application Security Testing)
Application security testing that instruments a running application from the inside to observe code execution while it is being exercised by traffic or tests.
RASP (Runtime Application Self-Protection)
A defense embedded inside a running application that monitors execution context and blocks malicious behavior, such as injection or deserialization attacks, in real time.
Fuzz Testing
An automated testing technique that feeds a program large amounts of malformed, random or unexpected input to uncover crashes, memory corruption and security vulnerabilities.
DevSecOps
A culture and set of practices that integrates security responsibilities into DevOps workflows so engineers ship secure software continuously and at speed.
OWASP Top 10
OWASP Top 10 — definition coming soon.