What is DAST (Dynamic Application Security Testing) and where does it fit in CD?
Answer
DAST (Dynamic Application Security Testing) tests a running application from the outside by sending crafted HTTP requests and observing the responses, simulating an attacker's perspective. Unlike SAST (source code analysis), DAST requires a live application instance, which places it in the CD pipeline (after deployment to staging) rather than in CI. DAST tools such as OWASP ZAP and Burp Suite Enterprise automatically probe for vulnerabilities including XSS, SQL injection, broken authentication, insecure headers, and CSRF. In a CD pipeline, DAST runs against the staging environment after deployment and before traffic is shifted to production; any finding above a configured severity threshold blocks promotion to production. DAST catches runtime vulnerabilities that SAST misses (e.g., an authentication bypass that depends on server behavior), but it is slower and can only find issues in functionality the scan actually reaches, so unexercised routes and flows go untested.
Previous
What is SAST (Static Application Security Testing) and how is it used in CI?
Next
What is container image scanning and which tools are commonly used?
More CI/CD Pipelines Questions
View all →
- Intermediate What is blue-green deployment and how does it achieve zero-downtime releases?
- Intermediate What is a canary release and how does it reduce deployment risk?
- Intermediate What is a rolling deployment and how does it compare to blue-green?
- Intermediate What are feature flags and how do they integrate with CI/CD?
- Intermediate What is the testing pyramid in CI/CD and where does each test type run?