09-dynamic-analysis-dast.md

Module 9: Dynamic Analysis (DAST)

What

Testing running applications from the outside (black-box).

Use Cases

• Detect runtime issues (e.g., XSS, injection).
• Works with APIs and web apps.

Limitations

• Limited coverage.
• Harder to automate fully.

Tools

• OWASP ZAP, Burp Suite.