How DAST Discovers Runtime Vulnerabilities

DAST excels at finding vulnerabilities that only manifest when applications run in their deployment environment. Configuration vulnerabilities like weak SSL/TLS settings, missing security headers, or exposed debug endpoints cannot be detected through code analysis alone. DAST identifies these issues by actually interacting with the deployed application and observing its security posture.
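A passive header audit of the kind described above, added here as an example and not taken from the original page or from any particular DAST tool. The set of headers checked, the 180-day HSTS threshold, the finding names and both sample responses are assumptions constructed for illustration.

```python
from email.parser import Parser
import re

# Constructed sample responses (not captured from any real system).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "X-Content-Type-Options: sniff\r\n"
    "\r\n<html></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n<html></html>"
)

MIN_HSTS_SECONDS = 15552000  # assumed policy threshold (180 days)

def audit_headers(raw_response, https=True):
    """Return a sorted list of finding names for one raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    header_block = head.split("\r\n", 1)[1] if "\r\n" in head else ""
    headers = Parser().parsestr(header_block, headersonly=True)  # case-insensitive lookup
    findings = []

    hsts = headers.get("Strict-Transport-Security")
    if https:  # HSTS is only honoured on responses delivered over HTTPS
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
        if hsts is None:
            findings.append("hsts-missing")
        elif not m or int(m.group(1)) < MIN_HSTS_SECONDS:
            findings.append("hsts-weak-max-age")

    csp = headers.get("Content-Security-Policy", "")
    if not csp:
        findings.append("csp-missing")
    # Framing is restricted by either CSP frame-ancestors or X-Frame-Options.
    if "frame-ancestors" not in csp.lower() and "X-Frame-Options" not in headers:
        findings.append("framing-unrestricted")

    if headers.get("X-Content-Type-Options", "").strip().lower() != "nosniff":
        findings.append("nosniff-missing-or-invalid")
    return sorted(findings)
```

A header that is present but ineffective (`max-age=300`, `sniff`) is reported separately from one that is absent, which is the distinction a presence-only check misses.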

Injection vulnerabilities discovered by DAST often include complex variants that static analysis misses. While SAST might identify obvious SQL injection points, DAST can find second-order injection where malicious input is stored and later executed in a different context. DAST discovers blind SQL injection by observing timing differences or out-of-band callbacks. It identifies LDAP, XML, and command injection by crafting specific payloads and monitoring application responses.

Authentication and session management flaws become apparent through DAST's systematic testing. Tools attempt session fixation, test for insufficient session timeouts, and verify logout effectiveness. They identify authentication bypass vulnerabilities by manipulating parameters, headers, and cookies. DAST can discover privilege escalation by attempting to access resources with different user contexts, something difficult to comprehensively test through code analysis.