Safeguard
Tag

dast

Safeguard articles tagged "dast" — guides, analysis, and best practices for software supply chain and application security.

62 articles

AppSec

Web Application Security Testing Tools in 2026

A category map of web application security testing tools in 2026, from SAST and DAST to API scanners, and how to pick a stack that matches your architecture.

Feb 18, 20265 min read
DevSecOps

How to set up DAST scanning in a CI/CD pipeline

A practical guide to building a DAST scanning CI/CD pipeline with OWASP ZAP — setup, integration, rule tuning, and troubleshooting for real deployments.

Feb 18, 20267 min read
Application Security

How to configure OWASP ZAP for automated scanning

A step-by-step guide to configuring OWASP ZAP for automated scanning in CI/CD, from Docker setup through baseline and API scans to pipeline gating.

Feb 15, 20268 min read
AppSec

Application Security Testing Software: A Category Map

A clear map of the application security testing software categories — SAST, DAST, IAST, SCA, and the platforms that bundle them — and when each one actually applies.

Feb 11, 20266 min read
Application Security

What is Dynamic Code Analysis

Dynamic code analysis tests running applications to catch exploitable vulnerabilities that static scans and manifest files alone can easily miss.

Feb 7, 20267 min read
Application Security

IAST vs DAST Decision Guide 2026

When to choose IAST, when to choose DAST, and when to run both. A decision framework for 2026 with concrete coverage, cost, and integration tradeoffs.

Jan 28, 20265 min read
AppSec

Missing Rate Limiting: The OWASP API Security Risk Explained

A no rate limiting vulnerability sits quietly in most APIs until it enables brute force, credential stuffing, or resource exhaustion; here is how to spot it and fix it before it does.

Jan 22, 20265 min read
Comparisons

The Gartner Magic Quadrant for Application Security Testing, 2026 Edition

What the Magic Quadrant for Application Security Testing actually measures, how leaders end up in that top-right quadrant, and why the report is one input into a buying decision, not the decision itself.

Jan 20, 20265 min read
AppSec

Black Box Fuzzing, Explained

Black box fuzzing throws malformed input at a running application with zero knowledge of its internals, and it still finds crashes and memory bugs white box testing misses — here's how it works and where it fits in a security program.

Nov 6, 20256 min read
AppSec

Web Application Scanning: Tools and Methods Compared

Web application scanning ranges from free automated crawlers to full authenticated DAST pipelines — here's how the methods differ and when each is enough.

Nov 5, 20255 min read
AppSec

Dynamic Scanning, Explained for Engineers Who Aren't Security Specialists

Dynamic scanning tests a running application the way an attacker would, by sending it requests and watching what comes back. Here's what that actually involves and when it's the right tool.

Nov 4, 20256 min read
AppSec

Web Application Vulnerability Scanners, Compared

Web application vulnerability scanners range from free online URL checkers to full DAST platforms — here's how the categories differ and which one actually matches your risk.

Sep 23, 20255 min read
dast (Page 3) — Safeguard Blog