Dynamic Application Security Testing (DAST) Tools
Learn More About Dynamic Application Security Testing (DAST) Tools
What are Dynamic Application Security Testing (DAST) Tools?
Dynamic application security testing (DAST) tools are used by web application developers and IT security professionals to identify external security vulnerabilities. These automated black-box testing tools simulate threats and attacks that could be initiated by hackers and other bad actors. A DAST tool can scan an application independently of its underlying technology, internal architecture, design, and programming language.
The tools conduct penetration testing while the application is running and typically test the HTTP and HTML interfaces of web applications. They can simulate attacks such as SQL injection and cross-site scripting, or create customized threats specific to an application and its product or service.
They can trace penetrations and exploits to their sources. This dynamic testing occurs throughout the lifecycle of an application as new threats and vulnerabilities evolve. DAST tools are also known as web scanners.
DAST vs. Static and Interactive Application Security Testing
DAST tools simulate external threats when the application is running and identify the source of the vulnerability. They are closely related to Static Application Security Testing (SAST) and Interactive Application Security Testing (IAST) tools, but test applications using different methods.
Static Application Security Testing (SAST) tools are white-box tools used when the application is at rest. SAST complements DAST by evaluating the internal vulnerabilities of a web application, using code analyzers to identify potential vulnerabilities that might be exploited. It analyzes the entire code base.
Interactive Application Security Testing (IAST) analyzes an application's internal code as specific functionality is being tested while it is up and running. It is able to pinpoint the vulnerable code.
These tools work together and are used in tandem to provide more comprehensive security testing.
Dynamic Application Security Testing (DAST) Tools Features
Leading Dynamic Application Security Testing Tools should have most or all of the following features:
- Test applications in their operational state
- Perform external black-box security tests
- Crawler, asset discovery and monitoring
- Vulnerability detection
- Trace penetrations and exploits to their sources
- Testing automation, continuous testing
- Manual testing
- Compliance testing
- Issue tracking, reporting and analytics
- SDLC integration
Dynamic Application Security Testing (DAST) Tools Comparison
Considerations when purchasing dynamic application security testing tools include:
Coverage: DAST tools are only one component of establishing web application security. DAST tools should be used as a part of a comprehensive security testing stack rather than a stand-alone solution. Working with other tools such as SAST will provide more comprehensive coverage. Some vendors offer products and services that combine those functions.
SDLC Integration: How well and easily can each tool integrate with the organization’s existing software development life cycle? Consider current QA processes and tools, and whether each DAST option would interfere with or complement existing systems in the SDLC.
Pricing Information
Pricing can be based upon the number of users, the number of scans, the size of the application and the features offered. Costs range from $50 to over $400 a month per user. On-premise installations begin at $2,000. Vendor quotes are recommended for enterprise-level products. Some vendors offer limited testing services for free as an introduction to their product.
Frequently Asked Questions
What do Dynamic Application Security Testing (DAST) Tools do?
What are the benefits of using Dynamic Application Security Testing (DAST) Tools?
Dynamic Application Security Testing tools' benefits include:
- Cost savings and risk reduction
- Helps prevent exploitation of eCommerce applications
- Saves time and money when used in the software development lifecycle
- Consistent security monitoring
- Continuous, automated scanning for new attacks and vulnerabilities
- Simulates realistic threats and attacks
- Discovers vulnerabilities not found in source code
- Flexibility, scalability
- Customizable testing options
- Evaluates how traffic and usage impact vulnerabilities
- Assists with compliance and regulatory reporting