From the course: Building an Application Security Program
Dynamic application security testing (DAST)
- [Instructor] Now we're going to talk about dynamic application security testing. I really like the OWASP definition of dynamic testing, which is, "A black-box testing that can find security vulnerabilities and weaknesses in a running application by injecting malicious payloads to identify potential flaws." My simple definition of this is it's an automated way to hack, but a more technical way to look at this is that DAST, dynamic application security testing, scans websites and APIs for vulnerabilities without the source code. It's black-box testing for security. Static has the source code and all of the different paths that it will take. With dynamic, you don't. You spider the application to know which paths are on the website, and then the tool tries to manipulate all the fields that it finds. Similar to static, the concept is tried and true. Dynamic scans have been around for a while. OWASP has a free one called ZAP.…
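The discovery step described in the transcript (spider the application, then list the fields a scanner would go on to exercise), as an added example that is not part of the course material. `SITE`, `BASE`, `PageParser` and `spider` are hypothetical names, and the pages are constructed sample HTML held in memory, so nothing is sent over the network.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qsl

BASE = "http://app.test"  # assumed in-scope origin (constructed)
# Constructed sample pages (path -> HTML) standing in for a running application.
SITE = {
    "/": '<a href="/login">Login</a> <a href="/search?q=shoes">Search</a>'
         '<a href="https://example.org/">Partner</a>',
    "/login": '<form action="/session" method="post"><input name="user">'
              '<input name="password" type="password"><input type="submit"></form>',
    "/search": '<form action="/search"><input name="q">'
               '<select name="sort"></select></form><a href="/">Home</a>',
}

class PageParser(HTMLParser):
    """Collects link targets and, per form, the named input fields."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.forms.append({"action": a.get("action") or "",
                               "method": (a.get("method") or "get").upper(),
                               "fields": []})
        elif tag in ("input", "select", "textarea") and a.get("name") and self.forms:
            self.forms[-1]["fields"].append(a["name"])

def spider(start="/"):
    """Breadth-first crawl; returns (paths visited, inputs a scanner would test)."""
    seen, queue, inputs = set(), [start], set()
    while queue:
        path = queue.pop(0)
        if path in seen or path not in SITE:
            continue
        seen.add(path)
        page = PageParser()
        page.feed(SITE[path])
        for form in page.forms:
            action = urlparse(urljoin(BASE + path, form["action"])).path
            inputs.add((form["method"], action, tuple(form["fields"])))
        for href in page.links:
            url = urlparse(urljoin(BASE + path, href))
            if url.netloc != urlparse(BASE).netloc:
                continue  # out of scope: never follow links to other hosts
            if url.query:  # query-string parameters are inputs too
                inputs.add(("GET", url.path, tuple(k for k, _ in parse_qsl(url.query))))
            queue.append(url.path)
    return sorted(seen), sorted(inputs)
```

The returned inventory is also what a reviewer can compare against the application's known routes to see which endpoints a black-box crawl never reached.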