Dynamic application security testing

Manual assessment of an application involves human intervention to identify security flaws that might slip past an automated tool.

Business logic errors, race conditions, and certain zero-day vulnerabilities can usually only be identified through manual assessment.

DAST tools allow sophisticated scans, detecting vulnerabilities with minimal user interaction once configured with host name, crawling parameters and authentication credentials.

These tools will attempt to detect vulnerabilities in query strings, headers, fragments, verbs (GET/POST/PUT) and DOM injection.[4]

While scanning with a DAST tool, data may be overwritten or malicious payloads injected into the subject site.
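The following added example (not taken from any DAST product) sketches how a scan plan can enumerate the inputs listed above for each crawled request while holding back requests that could overwrite data. The host names, the `plan_scan` and `injection_points` helpers, and the sample crawl results are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Verbs that can change server-side state; replaying them may overwrite data.
MUTATING_VERBS = {"POST", "PUT", "PATCH", "DELETE"}

def injection_points(method, url, headers):
    """List the inputs of one crawled request that a scan would exercise."""
    parts = urlsplit(url)
    points = [("query", name)
              for name, _ in parse_qsl(parts.query, keep_blank_values=True)]
    points += [("header", name) for name in headers]
    if parts.fragment:
        points.append(("fragment", parts.fragment))
    points.append(("verb", method.upper()))
    return points

def plan_scan(requests, allowed_hosts, allow_mutating=False):
    """Split crawled requests into those to scan and those skipped (with reason)."""
    scan, skipped = [], []
    for method, url, headers in requests:
        host = urlsplit(url).hostname
        if host not in allowed_hosts:
            # Never test hosts outside the configured scope.
            skipped.append((method, url, "out of scope"))
        elif method.upper() in MUTATING_VERBS and not allow_mutating:
            # Held back unless the target is a disposable test environment.
            skipped.append((method, url, "mutating verb"))
        else:
            scan.append((method, url, injection_points(method, url, headers)))
    return scan, skipped

# Constructed sample crawl results (hypothetical hosts and paths).
CRAWLED = [
    ("GET", "https://staging.example.test/search?q=shoes&page=2#results",
     {"User-Agent": "scanner", "Referer": "https://staging.example.test/"}),
    ("PUT", "https://staging.example.test/profile?id=7",
     {"Content-Type": "application/json"}),
    ("GET", "https://cdn.example.net/lib.js", {}),
]

if __name__ == "__main__":
    to_scan, held_back = plan_scan(CRAWLED, {"staging.example.test"})
    for method, url, points in to_scan:
        print("scan", method, url, points)
    for method, url, reason in held_back:
        print("skip", method, url, "->", reason)
```

Setting `allow_mutating=True` is appropriate only for a test copy of the site whose data can be restored after the scan.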