We are planning to purchase and integrate a DAST tool into our SDLC process. We started examining products from multiple vendors and we are slowed down by the nature of cloud architecture.
Think about it: Connect apps are hosted as separate services on another domain on the internet. Authentication is provided by Jira and a JWT token is handed over to our service. The tools we are testing tend to detect Jira as the main application being tested but in fact we are trying to test our service.
On one hand, our service looks like an integral part of the main web application (which is Jira) but it is not. On the other hand, this architecture more or less resembles a micro-service architecture so it shouldn’t be much of a problem to test.
Long story short, does anybody have experience with using DAST tools to test Connect apps? If yes, what are the pitfalls? Did you get any tangible benefit from using such a tool?