The secure software development landscape is forever changing, and with those changes comes a confusing bunch of terms and terminology.
To clarify some relevant terms: static analysis is a collective name for test regimes that involve the automated “inspection” of source code without executing it. Dynamic analysis, by contrast, involves the execution of some or all of that source code.
Focus those techniques on security issues, and the result is Static Analysis (or Application) Security Testing (SAST) and Dynamic Analysis (or Application) Security Testing (DAST) respectively.
There are wide variations within these groupings, however. For example, Penetration, Functional, and Fuzz Tests are all “black box” DAST tests needing no access to source code in order to fulfil their function.
Black box DAST is complementary to “white box” DAST tests, including the unit, integration, and system tests used to reveal vulnerabilities in application source code through dynamic analysis during the SSDLC. They are used in conjunction with SAST to ensure designed-in security for application software.
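To make the static/dynamic distinction concrete, here is an added Python example (not from the original page or any tool it mentions): a toy SAST rule that inspects a constructed source snippet with the `ast` module and never runs it, beside a black-box DAST probe that needs only a callable, not its source. The sample program, the risky-call list and the function names are assumptions for illustration.

```python
import ast
from typing import Callable, Iterable

# Constructed sample program under test (an assumption for this example).
SAMPLE_SOURCE = '''import subprocess
def run_report(name):
    # Builds a shell command from an untrusted parameter.
    return subprocess.call("report --name " + name, shell=True)
'''

RISKY_NAMES = {"eval", "exec", "os.system"}  # always flagged by the toy rule

def _callee(node: ast.Call) -> str:
    """Dotted name of the called function, e.g. 'subprocess.call'."""
    f = node.func
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return f.id if isinstance(f, ast.Name) else ""

def sast_scan(source: str) -> list:
    """Static analysis: inspect the parsed tree; nothing is executed.
    Returns (line, callee) for each risky call site found."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee(node)
        # subprocess.* is only flagged when the literal keyword shell=True is passed
        shell = any(kw.arg == "shell" and getattr(kw.value, "value", None) is True
                    for kw in node.keywords)
        if name in RISKY_NAMES or (name.startswith("subprocess.") and shell):
            findings.append((node.lineno, name))
    return findings

def dast_probe(target: Callable, inputs: Iterable) -> dict:
    """Dynamic analysis, black-box style: only the callable is needed, not its
    source. Each input is executed and the observed behaviour is recorded."""
    observed = {}
    for value in inputs:
        try:
            target(value)
            observed[value] = "ok"
        except Exception as exc:  # an unhandled input is exactly what the probe looks for
            observed[value] = type(exc).__name__
    return observed

def parse_age(value):  # constructed target for the probe; it trusts its input
    return int(value)
```

The static rule reports the `shell=True` call site by line number without ever importing the sample, while the probe only learns that `parse_age` mishandles empty and missing input by running it.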