https://romanoroth.com/en/tags/dynamic-application-security-testing/Recent content in Dynamic Application Security Testing on Romano RothHugo -- gohugo.ioenRomano RothWed, 19 Apr 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-dast/Wed, 19 Apr 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-dast/<p>After seven sessions of static analysis — SCA, license compliance, SAST, container scanning, secret detection — Patrick Steger and I move into the dynamic side of the pipeline. In Part 8 we add Dynamic Application Security Testing to our GitHub Actions pipeline. DAST runs the application and then attacks it. GitHub does not ship this out of the box, so we wire in a community action built on OWASP ZAP — and we are honest about where that approach falls short for enterprise use.</p>https://romanoroth.com/en/blogs/gitlab-devsecops-dast/Wed, 05 Oct 2022 00:00:00 +0000https://romanoroth.com/en/blogs/gitlab-devsecops-dast/<p>Everything we have done in the GitLab DevSecOps pipeline so far has been static — analysis of source code, dependencies, containers and configuration. In Part 8, Patrick Steger and I cross the line into Continuous Delivery and add Dynamic Application Security Testing. DAST means we deploy the application, start it, and then attack it from the outside with an automated penetration testing tool. GitLab ships this capability out of the box, powered by OWASP ZAP.</p>