dast-config

DAST Tool Configuration

A structured, repeatable process for reviewing Dynamic Application Security Testing (DAST) tool configurations against OWASP Top 10:2021 and the OWASP Testing Guide v4.2 (WSTG). This skill covers OWASP ZAP configuration, scan policy tuning, active vs. passive scanning, API scanning with OpenAPI import, authenticated scanning, CI/CD integration, scope management, and results deduplication. All findings map to OWASP Top 10 categories and WSTG test IDs.


When to Use

If a target is provided via arguments, focus the review on: $ARGUMENTS

  • Initial DAST deployment and scan policy configuration.
  • Review of existing DAST integration in CI/CD pipelines.
  • Authenticated scanning setup or troubleshooting.
  • API security testing configuration (REST, GraphQL).
  • DAST results triage workflow design.
  • Compliance audits requiring dynamic testing evidence (PCI DSS 6.3.2, SOC 2).

First Seen
May 4, 2026
dast-config — unitoneai/securityskills