Multiple Architecture Enablement / MULTIARCH-4985

Run DAST on MTO webhook and pod placement controller

    • Story
    • Resolution: Done
    • Priority: Critical
    • NEW
    • Multi-Arch Sprint 259

       DAST (dynamic application security testing) is a testing method that uncovers potential security flaws by running automated security tests against a live, running target, for example a web application or an API. Because it exercises the deployed system rather than the source, DAST can also surface runtime and environment-related issues, such as misconfiguration, that are difficult to detect in source code.

      Presently, DAST applies only to web applications and web-facing components of software, including web APIs. For this story that means the HTTP(S) endpoints exposed by OpenShift/Kubernetes components: the MTO admission webhook and the pod placement controller.

      Acceptance criteria

      • A dynamic application security testing (DAST) scan is performed by integrating RapiDAST in the product QE regression test suite and executed on a regular basis against the HTTP endpoints of the product or service.
      • A Jira issue is created in the Jira project for the component scanned for all findings in the DAST scans results.
      • Each issue has an assignee and a target end date or due date.
      • All security issues found through DAST must be addressed and fixed according to the Vulnerability SLA and Weakness RRT.
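      The second and third criteria above amount to a triage step: every finding in the scanner output has to become a tracked issue with a severity and a due date. The following is an added example (not MTO's own tooling, and not part of RapiDAST) that reads a report in the ZAP JSON layout (`site[].alerts[].instances[]`, which is what a `zap-report.json` attachment would contain) and turns it into Jira-ready records. The sample report, the host names in it, and the SLA day counts are constructed placeholders; substitute the real Vulnerability SLA values.

```python
"""Triage a ZAP JSON report into Jira-ready issue records.

Added example, not MTO's or RapiDAST's own code. Assumes the ZAP
"traditional JSON" report layout (site[].alerts[].instances[]); the sample
report, host names and SLA day counts are constructed placeholders.
"""
import json
from datetime import date, timedelta

# Constructed sample shaped like a ZAP JSON report (not the attached zap-report.json).
SAMPLE_REPORT = json.dumps({
    "@version": "2.14.0",
    "site": [
        {
            "@name": "https://mto-webhook.example.svc:443",
            "alerts": [
                {"pluginid": "10038", "alertRef": "10038",
                 "name": "Content Security Policy (CSP) Header Not Set",
                 "riskcode": "2", "confidence": "3", "cweid": "693",
                 "instances": [
                     {"uri": "https://mto-webhook.example.svc/validate", "method": "POST"},
                     {"uri": "https://mto-webhook.example.svc/mutate", "method": "POST"}]},
                {"pluginid": "10021", "alertRef": "10021",
                 "name": "X-Content-Type-Options Header Missing",
                 "riskcode": "1", "confidence": "2", "cweid": "693",
                 "instances": [
                     {"uri": "https://mto-webhook.example.svc/validate", "method": "POST"}]},
            ],
        },
        {
            "@name": "https://pod-placement.example.svc:443",
            "alerts": [
                {"pluginid": "10021", "alertRef": "10021",
                 "name": "X-Content-Type-Options Header Missing",
                 "riskcode": "1", "confidence": "2", "cweid": "693",
                 "instances": [
                     {"uri": "https://pod-placement.example.svc/mutate", "method": "POST"}]},
                {"pluginid": "90022", "alertRef": "90022",
                 "name": "Application Error Disclosure",
                 "riskcode": "2", "confidence": "2", "cweid": "200",
                 "instances": [
                     {"uri": "https://pod-placement.example.svc/mutate", "method": "POST",
                      "evidence": "Traceback (most recent call last)"}]},
            ],
        },
    ],
})

RISK_NAME = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}
RISK_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
# Assumed remediation windows in days; replace with the real Vulnerability SLA.
SLA_DAYS = {"High": 30, "Medium": 90, "Low": 180}


def load_findings(report_json):
    """Flatten site[].alerts[] into one record per alert per scanned site."""
    findings = []
    for site in json.loads(report_json).get("site", []):
        for alert in site.get("alerts", []):
            findings.append({
                "site": site["@name"],
                "alert_ref": alert["alertRef"],
                "name": alert["name"],
                "risk": RISK_NAME.get(alert.get("riskcode", "0"), "Informational"),
                "cwe": alert.get("cweid", ""),
                "endpoints": sorted({(i.get("method", ""), i["uri"])
                                     for i in alert.get("instances", [])}),
            })
    return findings


def build_issues(findings, scan_date):
    """One issue per distinct alertRef, ordered by risk. Endpoints from every
    site are merged, so the webhook and the controller tripping the same rule
    share a ticket. scan_date is an ISO date string (YYYY-MM-DD)."""
    scanned = date.fromisoformat(scan_date)
    issues = {}
    for f in findings:
        issue = issues.setdefault(f["alert_ref"], {
            "alert_ref": f["alert_ref"],
            "summary": f"[DAST] {f['risk']}: {f['name']} (CWE-{f['cwe']})",
            "risk": f["risk"],
            "sites": set(),
            "endpoints": set(),
            "due": None,  # Informational findings get no SLA date
        })
        issue["sites"].add(f["site"])
        issue["endpoints"].update(f["endpoints"])
        if f["risk"] in SLA_DAYS:
            issue["due"] = (scanned + timedelta(days=SLA_DAYS[f["risk"]])).isoformat()
    for issue in issues.values():
        issue["sites"] = sorted(issue["sites"])
        issue["endpoints"] = sorted(issue["endpoints"])
        issue["description"] = "Affected endpoints:\n" + "\n".join(
            f"  {m} {u}" for m, u in issue["endpoints"])
    return sorted(issues.values(), key=lambda i: (-RISK_RANK[i["risk"]], i["alert_ref"]))


def untracked(issues, tracked_refs):
    """Alert refs with no Jira issue yet; an empty list means the
    'one issue per finding' criterion holds for this report."""
    return sorted(i["alert_ref"] for i in issues if i["alert_ref"] not in tracked_refs)


if __name__ == "__main__":
    for issue in build_issues(load_findings(SAMPLE_REPORT), date.today().isoformat()):
        print(issue["summary"], "| due", issue["due"], "|", ", ".join(issue["sites"]))
```

      Re-running `untracked()` on each regression-suite scan with the set of alert refs already filed in the MULTIARCH project gives a direct check that no finding was dropped between the scan and the tracker.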

      For further information on roles and responsibilities, the place of DAST in the software lifecycle, and references, visit RH-SDL Section 2: Secure Development Activities (Confluence).

      Runbook: DAST (Dynamic Application Security Testing)

      Attachments:
        1. oobtkube.mto.json (0.2 kB)
        2. trivy-report.txt (11 kB)
        3. zap-report.json (9 kB)

              lwan-wanglin Lin Wang
              rhn-support-adistefa Alessandro Di Stefano
              Votes: 0
              Watchers: 2