dast
Safeguard articles tagged "dast" — guides, analysis, and best practices for software supply chain and application security.
62 articles
Web Application Security Testing Tools in 2026
A category map of web application security testing tools in 2026, from SAST and DAST to API scanners, and how to pick a stack that matches your architecture.
How to set up DAST scanning in a CI/CD pipeline
A practical guide to building a DAST scanning CI/CD pipeline with OWASP ZAP — setup, integration, rule tuning, and troubleshooting for real deployments.
How to configure OWASP ZAP for automated scanning
A step-by-step guide to configuring OWASP ZAP for automated scanning in CI/CD, from Docker setup through baseline and API scans to pipeline gating.
Application Security Testing Software: A Category Map
A clear map of the application security testing software categories — SAST, DAST, IAST, SCA, and the platforms that bundle them — and when each one actually applies.
What is Dynamic Code Analysis
Dynamic code analysis tests running applications to catch exploitable vulnerabilities that static scans and manifest files alone can easily miss.
IAST vs DAST Decision Guide 2026
When to choose IAST, when to choose DAST, and when to run both. A decision framework for 2026 with concrete coverage, cost, and integration tradeoffs.
Missing Rate Limiting: The OWASP API Security Risk Explained
A no rate limiting vulnerability sits quietly in most APIs until it enables brute force, credential stuffing, or resource exhaustion; here is how to spot it and fix it before it does.
The Gartner Magic Quadrant for Application Security Testing, 2026 Edition
What the Magic Quadrant for Application Security Testing actually measures, how leaders end up in that top-right quadrant, and why the report is one input into a buying decision, not the decision itself.
Black Box Fuzzing, Explained
Black box fuzzing throws malformed input at a running application with zero knowledge of its internals, and it still finds crashes and memory bugs white box testing misses — here's how it works and where it fits in a security program.
Web Application Scanning: Tools and Methods Compared
Web application scanning ranges from free automated crawlers to full authenticated DAST pipelines — here's how the methods differ and when each is enough.
Dynamic Scanning, Explained for Engineers Who Aren't Security Specialists
Dynamic scanning tests a running application the way an attacker would, by sending it requests and watching what comes back. Here's what that actually involves and when it's the right tool.
Web Application Vulnerability Scanners, Compared
Web application vulnerability scanners range from free online URL checkers to full DAST platforms — here's how the categories differ and which one actually matches your risk.