What does DAST specifically test within software?

Dynamic Application Security Testing (DAST) specifically tests software while it is in an operational state, meaning that it assesses the application during runtime. This form of testing simulates various attacks to identify vulnerabilities that could be exploited in a real-world scenario. By testing the application in its deployed environment, DAST uncovers issues that may not be visible in the source code but could be significant when the application is functioning.

In contrast, assessing the user interface would refer more to usability testing rather than security vulnerabilities. Evaluating code structure and logic pertains to static analysis, which examines the source code without executing the program. Testing database performance targets the efficiency and speed of database queries rather than the security vulnerabilities of the application itself. Thus, the primary focus of DAST on operational software makes it an important tool in identifying potential security risks in a live environment.