Dynamic Application Security Testing

• Cross-site scripting
• Injection: Injection flaws, such as SQL injection, NoSQL, OS, and LDAP injection.
• Path disclosure
• Denial-of-service
• Code execution
• Memory corruption
• Cross-site request forgery
• Information disclosure
• Arbitrary file
• Local file inclusion
• Remote file inclusion
• Buffer overflow

As of 2019 there is no Synopsys DAST on-premises product.

Software[edit]

• GitLab Ultimate since January 2018 10.4 https://about.gitlab.com/releases/2018/01/22/gitlab-10-4-released/, https://docs.gitlab.com/ee/user/application_security/dast/
• GitLab Auto DAST
• OWASP ZAP
• GitLab DAST API and API Fuzzing speed improvements
• GitLab DAST API analyzer for on-demand DAST API scans

Related terms[edit]

• Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx
• Browser-based DAST

See also[edit]

• Security scanners
• Application Security Testing
• Manual Penetration Testing (MPT)
• DAST, SQL injection, Denial-of-service attack (DoS attack), Buffer overflow
• Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx