Dynamic Application Security Testing tools perform attacks against a running application to find vulnerabilities attackers can exploit. They typically crawl an application to find different paths to resources and then send payloads to try to exploit various common vulnerabilities. They report on the results, whether the attacks were successful or the application successfully resisted. DAST tools lack understanding of business logic and thus have trouble finding authentication and authorization vulnerabilities.