Dynamic application security testing (DAST) In a classical waterfall development model, security was typically introduced at the last step, right before going to production. One of the most popular security approaches is penetration testing or pen testing. Penetration testing lets a team look at the application from a black-box security perspective, as in, closest to an attacker mindset. Reference: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/devsecops-controls https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-devops-security