### Dynamic Application Security Testing (DAST)

If you deploy your web application into a new environment, your application may become exposed to new types of attacks. For example, misconfigurations of your application server or incorrect assumptions about security controls may not be visible from the source code.

Dynamic Application Security Testing (DAST) examines applications for vulnerabilities like these in deployed environments. DAST uses the open-source tool OWASP Zed Attack Proxy (ZAP) for analysis.

https://docs.gitlab.com/ee/user/application_security/dast/
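The point about deployment-level misconfigurations, as an added example (not GitLab's or ZAP's code): a passive check of HTTP response headers from one application build served by two differently configured environments. The header values, the `STAGING` and `PRODUCTION` samples and the function name `audit_response` are constructed for illustration.

```python
# Added illustration (not GitLab or ZAP code): passive checks on HTTP response
# headers, the kind of deployment-level issue that never shows up in source.

REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS missing: browsers may fall back to plain HTTP",
    "content-security-policy": "No Content-Security-Policy header",
    "x-content-type-options": "X-Content-Type-Options: nosniff not set",
}


def audit_response(headers):
    """Return a sorted list of findings for one response's headers.

    `headers` is a list of (name, value) pairs so that repeated
    Set-Cookie headers are preserved.
    """
    findings = []
    seen = {name.lower() for name, _ in headers}
    for name, message in REQUIRED_HEADERS.items():
        if name not in seen:
            findings.append(message)
    for name, value in headers:
        lname = name.lower()
        if lname == "server" and any(ch.isdigit() for ch in value):
            findings.append(f"Server header discloses version: {value}")
        elif lname == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            attrs = {a.strip().lower().split("=", 1)[0] for a in value.split(";")[1:]}
            for flag in ("Secure", "HttpOnly"):
                if flag.lower() not in attrs:
                    findings.append(f"Cookie {cookie_name} lacks {flag} attribute")
    return sorted(findings)


# Constructed sample responses: same application build, two deployments.
STAGING = [
    ("Server", "nginx"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Content-Security-Policy", "default-src 'self'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
]
PRODUCTION = [
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for label, resp in (("staging", STAGING), ("production", PRODUCTION)):
        print(label, audit_response(resp))
```

The application code is identical in both cases; every finding comes from how the server in front of it is configured, which is why it only appears when the running deployment is tested.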

All identified vulnerabilities are reported in the:

- Merge request widget

  ![dast-in-mr](./dast-in-mr.png)

- Pipelines' Security tab

  ![dast-in-pipeline-tab](./dast-in-pipeline-tab.png)

Example project using Dynamic Application Security Testing (DAST): [Demo DAST](https://jihulab.com/ultimate-plan/demo/dast-demo/-/tree/2-demo-test-new-policy-name)
