Dynamic code analysis is performed on deployed and running software. The purpose is to hammer the endpoint to identify various security issues during the development cycle. These tools should also be part of the daily run and should be integrated with the CI/CD pipeline. DAST testing is also known as black box testing, since it looks at the API endpoints for vulnerabilities.
DAST tests typically look for a broad range of vulnerabilities, including input/output validation issues that could leave an application vulnerable to cross-site scripting or SQL injection. A DAST test can also help spot configuration mistakes and errors, and identify other specific problems with applications. A DAST test should ...