Dynamic application security testing (DAST) is a process of testing an application or software product in an operating state. The tests are performed by attacking an application, generally from the outside, to look for security vulnerabilities such as Cross-site Scripting, SQL Injection, Command Injection, Path Traversal and Insecure Server Configuration.
Some dynamic application security testing solutions test only the exposed HTTP and HTML interfaces of Web-enabled applications. However, some solutions are designed specifically for non-Web protocol and data malformation, for example, remote procedure call or Session Initiation Protocol (SIP).