A Dynamic Application Security Testing (DAST) tool is a security application that helps find vulnerabilities in web applications while they are running. It is crucial to use DAST tools in combination with Software Composition Analysis (SCA) tools, because the vulnerabilities found in code running in real time can differ hugely from those found in the static code stored in a repository.

In other words, DAST tools scan the outward-facing interfaces of an app for vulnerabilities that can be exploited. DAST scans and testing can be done at any time throughout the software development lifecycle, ensuring that vulnerabilities are found and patched sooner rather than later. DAST tools are simple to integrate into your DevSecOps lifecycle because they are agnostic to the language or architecture the app is built upon.

DAST scans are typically performed on your development or QA environment since they simulate the actions of a hacker. Simulating these attacks on your live production site could inadvertently expose the app and its users to unnecessary vulnerabilities.

The SOOS DAST Analysis scanning tool is powered by the trusted ZAP infrastructure. SOOS has added the option of DAST scanning to our application, so you can now view both SCA and DAST analysis results and fixes for your web apps together, in one interface.

Refer to our DAST Subscription & Pricing article for details about upgrading your SOOS subscription to include DAST.