Test web applications and APIs with Polaris fAST Dynamic

With Polaris fAST Dynamic, you can perform rapid, self-service dynamic application security testing (DAST) of web applications and APIs (both internal and external).

About DAST

Dynamic application security testing (DAST) is an AppSec testing methodology that examines web applications and APIs at runtime by simulating attacks to identify potential vulnerabilities. DAST is known as "black-box testing" because DAST tools have no visibility into a web application's source code, internal interactions, or system-level design. They observe a web application from the outside in, examine its running state, and observe its responses to simulated attacks. Those responses help determine whether the application is vulnerable and might be susceptible to a real malicious attack.

About Polaris fAST Dynamic

fAST Dynamic is a dynamic analysis engine and accompanying UI that brings self-service DAST capabilities to Polaris alongside SAST and SCA. Key features include:
  • An advanced DAST scanner optimized for single-page applications (SPAs), JavaScript frameworks, and APIs.
  • Fully automated DAST testing, tightly integrated with the Polaris platform.
  • Fast and simple project onboarding and scan initiation.
  • Authenticated DAST scans with support for Forms, SAML, and Selenium authentication.
  • Optimized checkers that keep false positives low while detecting vulnerabilities accurately, with an emphasis on high-value checks that identify the highest-risk issues.
  • Scales to accommodate a large number of DAST projects without compromising on performance.
  • View DAST issues alongside SAST and SCA issues and triage by severity.
  • Scan internal web applications and APIs (inside a private network) with the Secure Tunnel feature of the Bridge CLI (powered by the Teleport Access Platform).
  • Developer Detail Dynamic report: get an overview of all DAST issues in the selected application scope.

CAUTION: fAST Dynamic is intended for scanning pre-production web applications and APIs only.

About active attacks

fAST Dynamic includes functionality to perform active attacks on your pre-production web applications and APIs.

If you select the Perform Active Attacks checkbox when creating a DAST project, fAST Dynamic will simulate real-world attacks by sending various inputs and then observing the application's or API's behavior.

Warning: Be aware that these attacks can degrade the application and expose sensitive data.