Cobalt DAST (Dynamic Application Security Testing) is an automated vulnerability scanning tool for web applications and APIs. It is powered by Snyk and is offered as part of Cobalt's broader Pentest as a Service (PtaaS) platform. The tool performs continuous, automated scans across domains, subdomains, and standalone APIs to identify vulnerabilities and misconfigurations. It supports authenticated scans, allowing it to inspect areas of web applications that are behind login forms and authentication layers, providing coverage beyond externally accessible endpoints. Cobalt DAST reduces false positives through advanced fingerprinting that recognizes popular web applications and APIs to optimize test configuration. Scan results are surfaced in the Cobalt platform, where findings can be reviewed, triaged, and used to generate automated security reports or incorporated into manual pentest workflows. Remediation validation is included at no additional cost, allowing teams to retest specific vulnerabilities after fixes have been applied. Crawl reports are available to confirm the quality and coverage of each scan. The tool integrates with over 100 third-party integrations and is also accessible via the Cobalt API. It is designed to complement manual penetration testing within the SDLC by providing ongoing automated coverage between scheduled pentests. Average scan time is approximately two hours. The tool is positioned for use by security teams seeking continuous application security monitoring alongside periodic in-depth manual testing.