Industry Insights

The Reports of My Death Have Been Greatly Exaggerated: How DAST Is Reinventing Itself

DAST's ability to provide a simple, developer and AppSec friendly solution that effectively detects vulnerabilities without false positives ensures its continued relevance in the cybersecurity landscape.

The Reports of My Death Have Been Greatly Exaggerated: How DAST Is Reinventing Itself
Gadi Bashvitz
March 22, 2023
4 minutes

A recent post on Boring AppSec touted the diminishing value of Dynamic Application Security Testing tools.

However, contrary to this post and despite the rapid pace of technological advancements that often renders many solutions obsolete, some DAST solutions have adapted and remain more relevant than ever in 2023.

Adapting to development velocity: Seamless Integration in the Development Pipeline

To meet the increasing demand for faster deployment, developer-centric DAST has adapted by integrating itself seamlessly into the software development lifecycle (SDLC). Shifting left and testing earlier in the pipeline offers significant time and cost savings through timely detection and remediation. Solutions like Bright go even a step further – we’ve integrated our scanner into the unit testing phase, revolutionizing the whole process by testing applications very early in the SDLC. 

Indeed, AppSec professionals, regardless of how good they are, cannot scale nearly at the rate of dev-centric DAST due to the very high ratio of developers to AppSec professionals and the increased demand due to frequent deployments by development. 

Therefore, instead of AppSec professionals testing each and every scan, with a dev-centric DAST, AppSec can provide governance, guidance and validation while developers can manage incremental scans early in the dev lifecycle, analyze the results presented in a dev-friendly way and remediate vulnerabilities based on clear remediation guidelines. Developers can also self-onboard with minimal AppSec assistance and immediately deliver comprehensive results. 

This enables organizations to scale their application testing endlessly across different platforms without skipping a beat. This saves countless hours of work, and with it, money – plus, it allows for AppSec professionals to focus on more pressing issues beyond analyzing each and every deployment.

Minimizing False Positives

One challenge DAST (and many other AppSec solutions)faced is the prevalence of false positives. Many tools have been designed with only the AppSec professional in mind and without regard for minimizing false positives, which easily overwhelm developers and puts additional pressure on AppSec professionals to triage them. However, modern DAST solutions are purpose built for both AppSec and developers minimizing false positives, enabling developers to focus on building and developing instead of sifting through misleading information.

Detecting Business Logic Vulnerabilities

As demand for detecting business logic vulnerabilities increases, many application security testing tools struggle to meet this challenge. Modern DAST, however, is capable of identifying these vulnerabilities across both WebApps and APIs by emulating a hacker’s behavior and testing every possible user flow until it uncovers the vulnerability. This advanced capability sets solutions such as Bright apart from other DAST solutions, allowing for a more thorough security analysis.

Language-Agnostic Testing

Unlike other application security testing tools, DAST is not language-dependent. This versatility allows it to accommodate diverse and dynamic development teams, keeping track of security features regardless of programming language differences. This ensures that no application is left untested, providing comprehensive protection across the organization.

Empowering Security Champions

The concept of security champions is still relatively new and underdeveloped. As the industry continues to grow and more security champions emerge, their role in supporting developers and bridging the gap between AppSec and development becomes increasingly important. By providing training and resources for these champions, organizations can further enhance their security posture and streamline the integration of DAST into the development process.

In conclusion, DAST’s ability to adapt and provide a simple, developer and AppSec friendly solution that effectively detects vulnerabilities without false positives ensures its continued relevance in the cybersecurity landscape. As organizations recognize the value of robust and flexible security testing tools, the resurgence of DAST will only continue to gain momentum.

Key Benefits of Modern DAST:

  1. Fast, seamless integration into the development pipeline through early SDLC integration (SecTester)
  2. Capable of detecting business logic vulnerabilities
  3. User-friendly, low-maintenance, and developer-centric approach
  4. Security champions can bridge the gap between AppSec and development
  5. Minimizes false positives, avoiding unnecessary distractions for developers
  6. Language-agnostic, accommodating diverse programming languages
  7. Efficiently tests APIs, ensuring comprehensive security coverage

Legacy DAST is dead, LONG LIVE MODERN DAST!

More

What Our Customers Say About Us

"Empowering our developers with Bright Security's DAST has been pivotal at SentinelOne. It's not just about protecting systems; it's about instilling a culture where security is an integral part of development, driving innovation and efficiency."

Kunal Bhattacharya | Head of Application Security

"Bright DAST has transformed how we approach AST at SXI, Inc. Its seamless CI/CD
integration, advanced scanning, and actionable insights empower us to catch
vulnerabilities early, saving time and costs. It's a game-changer for organizations aiming to
enhance their security posture and reduce remediation costs."

Carlo M. Camerino | Chief Technology Officer

"Bright Security has helped us shift left by automating AppSec scans and regression testing early in development while also fostering better collaboration between R&D teams and raising overall security posture and awareness. Their support has been consistently fast and helpful."

Amit Blum | Security team lead

"Bright Security enabled us to significantly improve our application security coverage and remediate vulnerabilities much faster. Bright Security has reduced the amount of wall clock hours AND man hours we used to spend doing preliminary scans on applications by about 70%."

Alex Brown

"Duis aute irure dolor in reprehenderit in voluptate velit esse."

Bobby Kuzma | ProCircular

"Since implementing Bright's DAST scanner, we have markedly improved the efficiency of our runtime scanning. Despite increasing the cadence of application testing, we've noticed no impact to application stability using the tool. Additionally, the level of customer support has been second to none. They have been committed to ensuring our experience with the product has been valuable and have diligently worked with us to resolve any issues and questions."

AppSec Leader | Prominent Midwestern Bank

Book a Demo

See how Bright validates real risk inside your CI/CD pipeline and eliminates false positives before they reach developers.

Our clients:
SulAmerica Barracuda SentinelOne MetLife Nielsen Heritage Bank Versant Health

Platform

Resources

Company

Partners

Get our newsletter

Checkboxes

Bright All rights reserved © Bright Security 2026
Terms of service Privacy policy Cookies policy