Online DAST Scan

Dynamic application security testing for websites and web applications with an online DAST scan.

What is a DAST scan?

DAST (dynamic application security testing) is an automated security scan that interacts with your web application to look for security weaknesses and security vulnerabilities. A DAST scan is 'black box' testing. In other words, it sends requests to a live application and examines the responses. This is different from static application security testing (SAST), which examines the static source code for issues.

How does a DAST scan work?

The first step of a DAST scan is crawling your website to discover the pages and APIs. Then the DAST scanner will execute passive and active security tests.

Passive Tests

Passive tests examine the GET responses from crawling the website. Examples of passive vulnerabilities are cross-domain misconfigurations, insecure cookies, and vulnerable JavaScript dependencies.
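The following is an added example, not HostedScan's or OWASP ZAP's own code: a minimal passive check that inspects only the headers of a response already fetched by a crawl. The sample response is constructed, and treating a wildcard `Access-Control-Allow-Origin` as the cross-domain misconfiguration is an assumption made for illustration.

```python
from email import message_from_string

# Constructed sample: response to a crawled GET (not real scanner output).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html></html>"
)

def parse_headers(raw):
    """Drop the status line and body, then parse the header block."""
    head = raw.split("\r\n\r\n", 1)[0].replace("\r\n", "\n")
    _status, _, header_block = head.partition("\n")
    return message_from_string(header_block)

def check_cookies(headers):
    """Flag each Set-Cookie that lacks Secure, HttpOnly or SameSite."""
    findings = []
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        # Attribute names after the first ';', lower-cased, values dropped.
        attrs = {p.strip().split("=", 1)[0].lower() for p in cookie.split(";")[1:]}
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append(f"cookie {name}: missing {flag}")
    return findings

def check_cors(headers):
    """Flag a wildcard Access-Control-Allow-Origin header."""
    origin = (headers.get("Access-Control-Allow-Origin") or "").strip()
    if origin == "*":
        return ["cors: Access-Control-Allow-Origin is *"]
    return []

def passive_scan(raw):
    """Run every passive check; nothing is sent to the application."""
    headers = parse_headers(raw)
    return check_cookies(headers) + check_cors(headers)

if __name__ == "__main__":
    for finding in passive_scan(SAMPLE_RESPONSE):
        print(finding)
```

Because the checks read a stored response and send nothing further, they can run against production traffic without changing application state.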

Active Tests

Active tests will POST data, send requests, and submit forms to the web application. Examples of active vulnerabilities are SQL injection, remote command execution, and cross-site scripting.

Learn More

To learn more about the different passive and active vulnerabilities, read the info page for our online web application vulnerability scan.

DAST Tools

One of the best DAST tools is OWASP ZAP (Zed Attack Proxy). This open source project is among the world's most widely used DAST scanners and powers the DAST scans of many great companies, such as GitLab and HostedScan.

HostedScan's DAST Scanner

  • DAST Scanner powered by OWASP ZAP.
  • Supports both traditional HTML web applications and single page applications (SPAs).
  • Passive security tests.
  • Active security tests.
  • Continuous monitoring with scheduled scans.
  • Use our APIs to integrate with your CI provider, such as GitHub or CircleCI!
Example DAST scan report

Trusted by these companies and 1000s more

BbAmericas
Porsche
ExpediaGroup
WeMakeApps
SibylSoft
Luminary
CoinMe
Appetize
WonderProxy
Median
TaxiCaller
Yamaha
UniversityOfOxford

Sign up to get started

HostedScan is 100% read-only, and will never make any modifications to your servers.