ZeroPath at Black Hat USA 2026
DYNAMIC TESTING (DAST)

Dynamic Testing

Test your running applications for security issues that only appear at runtime. Point ZeroPath at a target, or let it build and run your app from source for you, then confirm which findings are actually exploitable — and verify that fixes work after deploy.

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
Discover

Find vulnerabilities that only appear when the application is running, including IDOR, prompt injection, blind SSRF, and more.

Confirm

Take a SAST finding and test it against the live application to see if it is actually exploitable.

Verify Fixes

After a fix is deployed, re-run the same test to confirm the vulnerability no longer reproduces.

Auto-Provisioned Testing

No Running Environment? ZeroPath Builds One.

You don't need a deployed target or credentials. Point ZeroPath at the repository and it builds and runs each application from its own source inside an isolated container, then tests it — no setup required.

Build & Run From Source

A setup agent provisions the app from source — installs dependencies, starts datastores, and launches it — with no target URL or credentials needed.

Isolated Per-App Sandboxes

Each application runs in its own credential-free gVisor sandbox; nothing touches your infrastructure.

One Click, or Your Whole Repo

Auto-provision and validate a single application, or every detected application at once — one sandbox each.

Accurate Severity

Exploitability, Not Just Theory

ZeroPath records what configuration an exploit actually requires and weighs it into severity, so a finding that needs heavy non-default setup to reach isn't over-rated — you triage by what is genuinely exploitable.

What It Finds

Issues that require a running application to detect

Prompt Injection

Checks whether AI features in your application follow injected instructions when inputs are manipulated.

IDOR

Tests object references across user roles to find cases where one user can access another user's data.

Vulnerability Chaining

Composes confirmed findings into multi-step attack chains that maximize impact, each with a reproducible proof-of-concept and the configuration every step requires.

Out-of-Band (OOB)

Catches blind SSRF, blind XXE, blind SQL injection, and DNS exfiltration. These are vulnerabilities that don't show up in the HTTP response.

Runtime Validation

Confirm SAST Findings at Runtime

Choose a finding from a static scan and run a dynamic test against your live application to see if it is exploitable. Results come back with evidence of what was tested and what happened.

Test One Finding or All of Them

Run against a single issue or validate every finding in an application profile at once.

Evidence for Every Result

Each result shows what was sent, what came back, and whether the finding was confirmed or not.

Clear Outcomes

Every run is categorized as confirmed, disconfirmed, unable to test, or queued.

How it works

  1. 1

    Pick a finding

    Select a single issue or an entire application profile.

  2. 2

    ZeroPath tests it live

    Requests are sent to your running application targeting the specific vulnerability.

  3. 3

    Review the evidence

    See exactly what was tested and the result, attached to the original finding.

Fix Verification

Re-Test After Deploy

After a fix is deployed, re-run the same dynamic test to confirm the vulnerability is gone. If it still reproduces, the issue stays open.

Application Profiles

Set Up Once, Reuse for Every Test

Save your target URLs, credentials, and test inputs in an application profile so you don't have to reconfigure anything between runs.

Stored Credentials

API keys, tokens, and test accounts are saved securely in the profile.

Pre-Run Checks

Tests won't start until the profile has everything it needs, so you don't waste runs on bad config.

Linked to Your Findings

Dynamic test results stay connected to the original SAST finding so everything is in one place.

SAST + DAST

From Code Finding to Runtime Proof

Go from a static analysis finding to a confirmed exploit in one click. Triage from evidence instead of guesswork.

  • SAST finds the issue in code
  • DAST tests it against the running app
  • Fix verification confirms the patch works

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization