Dynamic Application Security Testing (DAST) focuses on which aspect of application security?

• A. Testing design documents
• B. Testing running applications for vulnerabilities
• C. Reviewing code for compliance
• D. Assessing user interface design

Answer: (B)

Dynamic Application Security Testing (DAST) is primarily concerned with testing running applications for vulnerabilities. This form of testing takes place while the application is operational, allowing security professionals to evaluate how an application behaves in real-time environments. DAST tools simulate attacks on the application to identify vulnerabilities, such as security flaws that could be exploited by an attacker during normal operation.

By focusing on the application's operational state, DAST can reveal issues that might not be apparent when inspecting design documents or static code (the approaches emphasized in other options). Additionally, this type of testing is effective in identifying issues related to configurations and environmental factors that could lead to security weaknesses. Thus, choosing to focus on testing running applications for vulnerabilities directly aligns with the core purpose of DAST in improving application security.