What is wrong with the current state of Dynamic Application Security Testing (DAST) ?
Security Boulevard, Friday, January 3rd, 2025
When I launched this study, my goal was to determine whether most, if not all, AppSec engineers still perceive DAST as a checkbox in application security programs. I wanted to understand what led them to think that DAST is just a necessity rather than a useful tool.
I asked most of the AppSec engineers a simple question 'I saw that there were a lot of negative opinions on DAST, but it's gradually changing - do you have a take on this? ' From there, the conversations often took off, and while some answers were quite short and direct, others were more nuanced. I also gathered feedback throughout the year - from the Elephant in AppSec podcast conversations, LinkedIn posts, and face-to-face chats - just to get a wider variety of perspectives on DAST.