Dynamic application security testing (DAST) is a type of security testing in which vulnerabilities are discovered by simulating a set of standard attacks on an application while it is executing. It identifies flaws and vulnerabilities from the outside, by attacking the application's interfaces and other exposed elements. This type of testing can find standard security issues such as injection errors (for example, SQL injection), cross-site scripting, path traversal, and insecure server configurations, among others.
DAST operates by running a set of pre-defined, automated scans that simulate these external attacks on an application and flag any results that fall outside an expected set of conditions. It tests all possible access points and simulates random actions and other unusual user interactions that could lead to a security vulnerability. This technique requires a thorough understanding of how an application works and how it will be used when released.