DAST Vulnerability Scanner

Dynamic Application Security Testing: scan live web applications and APIs for security vulnerabilities

Check out our demo account
Introducing HostedScan

A powerful online DAST scanner

HostedScan makes it easy to run industry-standard dynamic application security testing (DAST) tools. No installations or downloads required. We manage the complex software for you, so that you can start securing applications immediately.


Ready to run a DAST scan now?

Run a free scan to see the power of HostedScan

Full-stack security

Secure your external attack surface area

HostedScan provides a full set of DAST security tools to protect both your web applications and the infrastructure they run on.
Scan websites and web applications with the ZAP scanner
  • Crawl applications to discover pages, APIs, and input forms.
  • Check for security issues such as insecure headers, CSP policies, and information leaks.
  • Test inputs and APIs for SQL injections, cross-site scripting, and other vulnerabilities.

Always-on protection, without the noise

Run scheduled scans for continuous security monitoring and protection. Cut out the noise and alert your team only for new and unexpected findings.

Ready for SOC 2, ISO-27001, and more

Running a vulnerability scan is just the first step in your compliance journey. HostedScan has all the features you need to set up a full-scale vulnerability management program. Run scans on recurring schedules, alert your team for new vulnerabilities, create rules to reduce noise, prioritize findings, track remediation SLAs, automate evidence collection, and deliver audit-ready reports.

Comprehensive reports that always look good

Get an executive PDF to share. See at a glance the vulnerabilities detected across all your targets or dive into each target, prioritized by risk level.

MSP and agency solutions

Protect all of your clients with a scalable DAST scanning solution. Use tags and workspaces to easily manage multiple tenants and projects. Affordable pricing that scales as you grow.

Learn more about DAST

What is a DAST scan?

DAST (dynamic application security testing) is security testing of running applications to look for weaknesses and vulnerabilities. DAST scanning is 'black box' testing. In other words, it sends requests to a live application and examines the responses. This is different from static application security testing (SAST), which examines the static resources such as source code and container images for vulnerabilities.

How does a DAST web application scan work?

First, the scanner crawls the web application to discover its pages, forms, and APIs. Next, the scanner performs passive and active security tests against the discovered elements.

Passive Tests

Passive tests examine the GET responses from crawling the website. Examples of passive vulnerabilities are cross-domain misconfigurations, insecure cookies, and vulnerable JavaScript dependencies.
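
As an added illustration of the passive checks described above (not HostedScan's or ZAP's own code), the following Python inspects the headers of an already-captured GET response for insecure cookie attributes and a wildcard CORS policy. The function names, URL, and header values are constructed for the example.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return first.split("=", 1)[0], attrs


def passive_findings(url, headers):
    """Inspect captured response headers only; no request is sent.

    headers is a list of (name, value) pairs so repeated Set-Cookie lines survive.
    """
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value.strip())
    findings = []
    over_https = url.lower().startswith("https://")

    for raw in by_name.get("set-cookie", []):
        cookie, attrs = parse_set_cookie(raw)
        if over_https and "secure" not in attrs:
            findings.append(f"cookie {cookie}: missing Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie}: missing HttpOnly")
        if not attrs.get("samesite"):
            findings.append(f"cookie {cookie}: missing SameSite")

    # A wildcard lets any origin read non-credentialed responses in a browser.
    if "*" in by_name.get("access-control-allow-origin", []):
        findings.append("CORS: Access-Control-Allow-Origin is a wildcard")
    return findings


# Constructed sample: headers from one crawled GET response (not real traffic).
SAMPLE_URL = "https://app.example.test/account"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Access-Control-Allow-Origin", "*"),
]

if __name__ == "__main__":
    for finding in passive_findings(SAMPLE_URL, SAMPLE_HEADERS):
        print(finding)
```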

Active Tests

Active tests will POST data, send requests, and submit forms to the web application. Examples of active vulnerabilities are SQL injection, remote command execution, and cross-site scripting.

Learn More

To learn more about the different passive and active vulnerabilities, read the info page for our online web application vulnerability scan.

DAST tool spotlight: ZAP

One of the best DAST tools is OWASP ZAP (Zed Attack Proxy). This open source project is among the world's most widely used DAST scanners and powers the DAST scans of many great companies, including HostedScan. Click here to learn more about ZAP.

Trusted by teams who require high-quality scans at speed

BbAmericas
Porsche
ExpediaGroup
WeMakeApps
SibylSoft
Luminary
CoinMe
Appetize
WonderProxy
Median
TaxiCaller
Yamaha
UniversityOfOxford

See the Power of HostedScan

HostedScan enables companies to meet compliance and security goals.