A new baseline for authenticated DAST

First, Polaris fAST Dynamic now uses a generative large language model (LLM) to assist authentication. You provide the login URL and credentials, and the system interprets the rendered login experience, signs in reliably, and begins the scan. It handles common patterns, including staged pages when paired with multipage login, and MFA based on time-based one-time passwords (TOTP), so teams stop authoring brittle scripts for everyday flows. Privacy is preserved by design. The model evaluates screenshots of the login experience only. URLs and credentials are not sent to the model. The practical effect is simple: time to first authenticated scan drops from days to minutes, especially in proofs of value and during broad onboarding waves.

Second, Continuous Dynamic™ now integrates natively with enterprise secrets managers. Credentials are retrieved at scan time from the customer’s vault, used to authenticate, and not stored in the platform. Rotation policies remain where they belong—in the customer’s vault—so scans keep working as secrets change. This aligns cleanly with separation-of-duties expectations and removes the RFP friction around credentials at rest in a vendor system. Security teams see fewer failed runs due to stale passwords and fewer tickets chasing app owners. Auditors get a straightforward story to verify.

These are not flashy features. They are operational pressure valves that turn “we will get to it next sprint” into “we started the scan.”

See both experiences live—as well as how little setup is required—in the webinar, including TOTP in Polaris fAST Dynamic and vault-sourced credentials in Continuous Dynamic.
