Dynamic Code Analysis (DAST)

Dynamic Application Security Testing (DAST) analyzes an application in its running state. It tests for vulnerabilities such as input validation flaws, authentication bypasses, and improper error handling by interacting with the live application.

Testing Standards:

• OWASP Top 10
• NIST SP 800-42 (Guidelines on Network Security Testing)

Tools:

• Burp Suite: For dynamic testing and interaction with web apps.
• OWASP ZAP: Automated and manual dynamic analysis.
• Arachni: For automated DAST and security testing of web apps.
• Manual: Exploring Source Code to find weekness. 

Techniques:

• Simulating attacks on live applications
• Fuzzing inputs for vulnerabilities
• Exploiting runtime vulnerabilities like XSS, CSRF, and logic flaws
• Testing for weak session management, authentication, and error handling