---
type: "term"
title: "DAST (Dynamic Application Security Testing)"
description: "A testing methodology that analyzes a running application by simulating attacks against it to identify security vulnerabilities."
resource: "tlctc:term:dast-dynamic-application-security-testing"
tags:
  - "glossary"
---
# DAST (Dynamic Application Security Testing)

A testing methodology that analyzes a running application by simulating attacks against it to identify security vulnerabilities. In TLCTC: DAST is a **preventive control** (IDENTIFY/PROTECT) primarily targeting `#2 Exploiting Server` and `#3 Exploiting Client` by discovering implementation flaws in deployed applications.

See also: SAST, Control, Exploiting Server (#2), Exploiting Client (#3)