DAST: Dynamic Application Security Testing

Modern DevSecOps (The Hard Way)

Testing the Running Application

DAST tools probe your running application from the outside, the way an attacker would: they send requests to the live app and inspect its responses, with no access to the source code.

Tool: OWASP ZAP (CLI)

In a CI pipeline, you can spin up your app in a temporary environment and run a ZAP baseline scan.

zap-baseline.py -t http://localhost:8080 -r report.html

It checks for XSS, SQLi, and missing security headers while the app is live. Note that the baseline scan is passive by default: it spiders the target for a short time and inspects the responses without sending attack payloads, so use zap-full-scan.py when you want an active scan that injects test payloads. Either script returns a non-zero exit status when it raises alerts (1 for FAIL, 2 for WARN), which is what fails the CI job; tune that with a rule configuration file (-c) rather than ignoring warnings outright with -I.
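One way to turn the scan into a CI gate is to have ZAP also write a JSON report (zap-baseline.py -J report.json) and post-process it with a severity threshold plus an explicit list of risk-accepted findings. The script below is an added example, not part of the course or of ZAP; it assumes the report carries the pluginid, riskcode, riskdesc and count fields of ZAP's traditional JSON report, and the embedded report is a constructed sample.

```python
import json
from typing import Dict, List

# Constructed sample shaped like a ZAP JSON report (zap-baseline.py -J report.json);
# only the fields this gate reads are included. Risk codes: 0 info, 1 low, 2 medium, 3 high.
SAMPLE_REPORT = {
    "site": [{
        "@name": "http://localhost:8080",
        "alerts": [
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "riskdesc": "Medium (High)", "count": "4"},
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "riskdesc": "Low (Medium)", "count": "4"},
            {"pluginid": "10096", "alert": "Timestamp Disclosure - Unix",
             "riskcode": "0", "riskdesc": "Informational (Low)", "count": "1"},
        ],
    }]
}

RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}


def collect_alerts(report: dict) -> List[dict]:
    """Flatten alerts across every site section of the report."""
    return [a for site in report.get("site", []) for a in site.get("alerts", [])]


def gate(report: dict, fail_at: int = 2, ignore_plugins=()) -> Dict[str, object]:
    """Decide whether the pipeline should fail.

    fail_at: lowest ZAP risk code that blocks the build (default: Medium and above).
    ignore_plugins: plugin ids whose findings are risk-accepted and only reported.
    """
    blocking, accepted = [], []
    counts = {name: 0 for name in RISK_NAMES.values()}
    for alert in collect_alerts(report):
        risk = int(alert["riskcode"])
        counts[RISK_NAMES[risk]] += 1
        if alert["pluginid"] in ignore_plugins:
            accepted.append(alert)          # known finding, tracked but not blocking
        elif risk >= fail_at:
            blocking.append(alert)
    return {"passed": not blocking, "blocking": blocking, "accepted": accepted, "counts": counts}


if __name__ == "__main__":
    import sys
    report = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else SAMPLE_REPORT
    result = gate(report)
    for a in result["blocking"]:
        print(f"BLOCK [{a['riskdesc']}] {a['alert']} (plugin {a['pluginid']}, {a['count']} instances)")
    print("risk counts:", result["counts"])
    sys.exit(0 if result["passed"] else 1)
```

Run it as `python gate.py report.json` after the scan step; the exit status fails the job while the printed lines explain why, and accepted plugin ids stay visible in the log instead of silently disappearing.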