Cybersecurity: Enhancing Dynamic Application Security Testing (DAST) - A Systematic Literature Review

Cybersecurity: Enhancing Dynamic Application Security Testing (DAST) - A Systematic Literature Review | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Cybersecurity: Enhancing Dynamic Application Security Testing (DAST) - A Systematic Literature Review Karthikeyan Ramdass This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-8089587/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract DAST testing is a vital tool to detect the real-time weaknesses of web applications without even looking at the source code. False positive and negative, inability to cover dynamic content and complex business logic are some of the challenges facing DAST despite its strengths. This paper includes a detailed overview of the strong and weak aspects of DAST, such as methods suggested in the literature to improve its accuracy and usefulness, such as multi-step scanning, manual exploration, reusable templates, and AI-based remedies. Besides, the paper focuses on the need to align the DAST practices with compliance standards (OWASP Top 10, PCI DSS, and HIPAA). According to these findings, a conceptual framework is suggested to optimize the use of DAST in enterprise settings through the combination of automated scanning and manual exploration and template-based optimization. The framework is intended to enhance the coverage, minimize false positives and enhance the detection. The study not only adds theoretical knowledge, but also offers practical advice, making it a step towards the success of future empirical research on the validity of DAST methodologies when applied in various web applications. DAST web application security automated scanning false positives compliance standards Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-8089587","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":544133343,"identity":"751ebe04-33cd-48dd-b992-1a0bccf156b5","order_by":0,"name":"Karthikeyan Ramdass","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA/klEQVRIiWNgGAWjYBACCSBmZjBIAHMO/6kAcZkbCGlhbIZqYTzAcwakhZEYLQxgLcwHeNvAWvFrkWw/+/xxQUEag3n76YQDkvNqo/nbgVp+VGzDqUWaJ92weYZBDoPMmdwNBwy3Hc+dcZixgbHnzG2cWuQY0hibeQwqgC4Eakncdiy3AaiFmbENjxb+Z1At/G83HDg451jufEJapCXAtuQwSEjkbjjY2FCTu4GQFskZzxhn8xik8UhIvN1wmOHYgdyNQC0H8flF4nwaw2eeP8lyEvy5mz8z1NTlzjt/+OCDHxW4tcAAD5Q+DCYPEFSPBOpIUTwKRsEoGAUjBAAAk2BZnt6K94oAAAAASUVORK5CYII=","orcid":"","institution":"Salesforce – Cybersecurity Lead Member of Technical Staff","correspondingAuthor":true,"prefix":"","firstName":"Karthikeyan","middleName":"","lastName":"Ramdass","suffix":""}],"badges":[],"createdAt":"2025-11-11 18:38:08","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-8089587/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-8089587/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":95834402,"identity":"ae4f65a5-3817-4487-a2a1-b153b0ea3587","added_by":"auto","created_at":"2025-11-13 13:02:27","extension":"doc","order_by":0,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":906240,"visible":true,"origin":"","legend":"","description":"","filename":"DynamicApplicationSecurityTestingKarthikeyanRamdass.doc","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/a3019fef0c9e2244b16bec56.doc"},{"id":95834411,"identity":"4a1eca18-4d05-4c88-a02c-334290327dde","added_by":"auto","created_at":"2025-11-13 13:02:27","extension":"json","order_by":1,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":3076,"visible":true,"origin":"","legend":"","description":"","filename":"193824170f6f44aaa8df2753b4e34cda.json","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/1923e8e0fad1ac23418e1e12.json"},{"id":95834401,"identity":"deee082b-bfaa-44a7-8028-c4309f725f73","added_by":"auto","created_at":"2025-11-13 13:02:27","extension":"xml","order_by":2,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":88836,"visible":true,"origin":"","legend":"","description":"","filename":"193824170f6f44aaa8df2753b4e34cda1enriched.xml","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/8a6e6cf42324dbb5375482a7.xml"},{"id":95834399,"identity":"781a060e-73e6-4c0b-abc9-768114d0a2bd","added_by":"auto","created_at":"2025-11-13 13:02:27","extension":"png","order_by":3,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":126768,"visible":true,"origin":"","legend":"","description":"","filename":"floatimage1.png","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/ef648aad602d1621332d285d.png"},{"id":96241051,"identity":"995bb0d1-1377-4de4-a0a5-c3cb04c88b83","added_by":"auto","created_at":"2025-11-19 07:09:56","extension":"png","order_by":4,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":181742,"visible":true,"origin":"","legend":"","description":"","filename":"floatimage2.png","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/f0952d9ef3dcf8264bc8837c.png"},{"id":95834398,"identity":"2f7fa8fe-b348-4694-ad84-312a583042d1","added_by":"auto","created_at":"2025-11-13 13:02:27","extension":"png","order_by":5,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":101183,"visible":true,"origin":"","legend":"","description":"","filename":"floatimage3.png","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/3925d9f61ff1902d2fe9db6b.png"},{"id":96239527,"identity":"4d4295f9-73f0-45a5-8585-ab1e52180ec9","added_by":"auto","created_at":"2025-11-19 07:06:53","extension":"png","order_by":6,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":155558,"visible":true,"origin":"","legend":"","description":"","filename":"floatimage4.png","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/e5ad1c729a77b1c47af35bf7.png"},{"id":95834405,"identity":"c0513ae2-38d0-4bc0-8572-be63829b61dc","added_by":"auto","created_at":"2025-11-13 13:02:27","extension":"png","order_by":7,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":193853,"visible":true,"origin":"","legend":"","description":"","filename":"floatimage5.png","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/90f88febe0e3e6e1c0aa746f.png"},{"id":95834407,"identity":"d8bdd64c-ecda-4ae5-b9d9-276a5f0c90e1","added_by":"auto","created_at":"2025-11-13 13:02:27","extension":"png","order_by":8,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":32577,"visible":true,"origin":"","legend":"","description":"","filename":"Onlinefloatimage1.png","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/0e320b8c9640399b2afc376e.png"},{"id":96240001,"identity":"a5dba316-d9af-4432-a965-506f0d4fe52d","added_by":"auto","created_at":"2025-11-19 07:08:07","extension":"png","order_by":9,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":32400,"visible":true,"origin":"","legend":"","description":"","filename":"Onlinefloatimage2.png","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/5da7e46b25dd8ca75ba76c9c.png"},{"id":96239890,"identity":"11b5dbd0-a6ae-4a22-ba74-1fb9c95bd60d","added_by":"auto","created_at":"2025-11-19 07:07:53","extension":"png","order_by":10,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":16730,"visible":true,"origin":"","legend":"","description":"","filename":"Onlinefloatimage3.png","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/06d1855bd46309c91428b5f4.png"},{"id":95834403,"identity":"ebb3a37a-ebd2-4a84-9d4d-c3c788746723","added_by":"auto","created_at":"2025-11-13 13:02:27","extension":"png","order_by":11,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":42535,"visible":true,"origin":"","legend":"","description":"","filename":"Onlinefloatimage4.png","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/f0757b9ee27b8654621f4cc2.png"},{"id":96239677,"identity":"95f06c7d-b4f1-4a4a-ba55-d50960510e9f","added_by":"auto","created_at":"2025-11-19 07:07:19","extension":"png","order_by":12,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":14276,"visible":true,"origin":"","legend":"","description":"","filename":"Onlinefloatimage5.png","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/248c828ca0b1fe30fd2ef8d4.png"},{"id":95834412,"identity":"1fe7f6c7-a1ea-4888-bb21-15da54899fe9","added_by":"auto","created_at":"2025-11-13 13:02:27","extension":"xml","order_by":13,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":86294,"visible":true,"origin":"","legend":"","description":"","filename":"193824170f6f44aaa8df2753b4e34cda1structuring.xml","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/c8bd270e92d301c1f11b98bb.xml"},{"id":95834409,"identity":"9c2ba12e-c59d-4476-9665-f5617c8277b5","added_by":"auto","created_at":"2025-11-13 13:02:27","extension":"html","order_by":14,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":96449,"visible":true,"origin":"","legend":"","description":"","filename":"earlyproof.html","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1/67395ca5843cb8d22b82ddc0.html"},{"id":96255050,"identity":"a51f484a-9b29-4c61-b314-d3444745b9db","added_by":"auto","created_at":"2025-11-19 07:47:31","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":550449,"visible":true,"origin":"","legend":"","description":"","filename":"DynamicApplicationSecurityTestingRevised.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8089587/v1_covered_510e860d-bcb6-4245-9076-aa301e69f3f5.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Cybersecurity: Enhancing Dynamic Application Security Testing (DAST) - A Systematic Literature Review","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"DAST, web application security, automated scanning, false positives, compliance standards","lastPublishedDoi":"10.21203/rs.3.rs-8089587/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-8089587/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eDAST testing is a vital tool to detect the real-time weaknesses of web applications without even looking at the source code. False positive and negative, inability to cover dynamic content and complex business logic are some of the challenges facing DAST despite its strengths. This paper includes a detailed overview of the strong and weak aspects of DAST, such as methods suggested in the literature to improve its accuracy and usefulness, such as multi-step scanning, manual exploration, reusable templates, and AI-based remedies. Besides, the paper focuses on the need to align the DAST practices with compliance standards (OWASP Top 10, PCI DSS, and HIPAA). According to these findings, a conceptual framework is suggested to optimize the use of DAST in enterprise settings through the combination of automated scanning and manual exploration and template-based optimization. The framework is intended to enhance the coverage, minimize false positives and enhance the detection. The study not only adds theoretical knowledge, but also offers practical advice, making it a step towards the success of future empirical research on the validity of DAST methodologies when applied in various web applications.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e","manuscriptTitle":"Cybersecurity: Enhancing Dynamic Application Security Testing (DAST) - A Systematic Literature Review","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2025-11-13 13:02:22","doi":"10.21203/rs.3.rs-8089587/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"47b9260f-e1d0-42f7-bed4-5055c7790478","owner":[],"postedDate":"November 13th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2025-11-18T08:39:19+00:00","versionOfRecord":[],"versionCreatedAt":"2025-11-13 13:02:22","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-8089587","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-8089587","identity":"rs-8089587","version":["v1"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}