//Question

What are the Hazards of DAST?

Posted on 21st August, 2024

Calvin

//Answer

Dynamic Application Security Testing (DAST) has some hazards to consider. It can generate false positives, leading to wasted time, or false negatives, leaving vulnerabilities undetected. DAST may strain live systems, causing performance issues or crashes if run on production environments. Since it only scans from the outside, it might miss internal code vulnerabilities or complex business logic flaws. Misconfigured tests could disrupt services or unintentionally expose sensitive data during testing.

Additionally, DAST may struggle with modern architectures like APIs or serverless applications, resulting in incomplete coverage. Running DAST too late in the development cycle can delay deployment and increase remediation costs. Lastly, legal risks exist, especially if the tool scans third-party systems without proper authorization. To mitigate these risks, DAST should be carefully planned, configured, and complemented with other testing methods.
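Three of the hazards in the answer above (overloading a live system, scanning hosts you are not authorized to test, and state-changing requests hitting production) are usually handled by a pre-flight scope check and request pacing. The following Python is an added example, not part of the original answer and not any real scanner's API: a hypothetical `ScanScope` guard that rejects out-of-scope and production targets, restricts the HTTP methods a scan may issue, and paces requests with a token-interval limiter. All host names and the target list are constructed for the example.

```python
"""Pre-flight scope and pacing guard for a DAST scan (hypothetical helper)."""
from dataclasses import dataclass, field
from urllib.parse import urlparse
import time


@dataclass
class ScanScope:
    # Hosts the engagement letter authorizes; "*.lab.example.test" matches subdomains only.
    authorized_hosts: set
    # Hosts that serve real traffic; refused unless allow_production is set explicitly.
    production_hosts: set = field(default_factory=set)
    allow_production: bool = False
    # Default to read-only verbs so a misconfigured crawl cannot delete or mutate data.
    allowed_methods: frozenset = frozenset({"GET", "HEAD", "OPTIONS"})
    max_requests_per_second: float = 5.0


def host_matches(host: str, pattern: str) -> bool:
    """Exact match, or wildcard match on a proper subdomain of the pattern."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # ".lab.example.test" suffix, apex excluded
    return host == pattern


def check_target(url: str, scope: ScanScope, method: str = "GET") -> tuple:
    """Return (allowed, reason) for one candidate request."""
    parsed = urlparse(url)
    host = parsed.hostname
    if parsed.scheme not in ("http", "https") or not host:
        return False, f"unsupported or malformed target: {url!r}"
    if not any(host_matches(host, p) for p in scope.authorized_hosts):
        return False, f"{host} is not in the authorized scope"
    if any(host_matches(host, p) for p in scope.production_hosts) and not scope.allow_production:
        return False, f"{host} is a production host; scan staging or set allow_production"
    if method.upper() not in scope.allowed_methods:
        return False, f"{method.upper()} is not permitted (state-changing requests disabled)"
    return True, "ok"


def plan_scan(targets, scope: ScanScope):
    """Split (method, url) pairs into an approved list and a rejection log."""
    approved, rejected = [], []
    for method, url in targets:
        ok, reason = check_target(url, scope, method)
        (approved if ok else rejected).append((method.upper(), url, reason))
    return approved, rejected


class RateLimiter:
    """Fixed-interval pacing so the scanner never exceeds the agreed request rate."""

    def __init__(self, rps: float, clock=time.monotonic):
        self.interval = 1.0 / rps
        self.clock = clock
        self.next_allowed = clock()

    def acquire(self) -> float:
        """Reserve the next slot; return how many seconds the caller must sleep first."""
        now = self.clock()
        wait = max(0.0, self.next_allowed - now)
        self.next_allowed = max(now, self.next_allowed) + self.interval
        return wait


# Constructed engagement scope and target list for demonstration.
DEMO_SCOPE = ScanScope(
    authorized_hosts={"staging.example.test", "www.example.test", "*.lab.example.test"},
    production_hosts={"www.example.test"},
    max_requests_per_second=2.0,
)
DEMO_TARGETS = [
    ("GET", "https://staging.example.test/login"),
    ("DELETE", "https://staging.example.test/admin/users/42"),
    ("GET", "https://www.example.test/"),
    ("GET", "https://partner-cdn.example.net/assets"),
    ("GET", "https://api.lab.example.test/v1/health"),
    ("GET", "https://lab.example.test/"),
]

if __name__ == "__main__":
    approved, rejected = plan_scan(DEMO_TARGETS, DEMO_SCOPE)
    for method, url, reason in rejected:
        print(f"SKIP {method} {url}: {reason}")
    limiter = RateLimiter(DEMO_SCOPE.max_requests_per_second)
    for method, url, _ in approved:
        time.sleep(limiter.acquire())
        print(f"SEND {method} {url}")  # the real HTTP call would go here
```

The wildcard deliberately excludes the apex name, so `lab.example.test` is rejected even though `*.lab.example.test` is authorized; an engagement that includes the apex should list it explicitly rather than loosening the matcher. Swapping the limiter's clock for a fake makes the pacing logic testable without sleeping.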