Application Security Testing Types

There are two types of application security testing
SAST - (Static Analysis Security Testing)
DAST - (Dynamic Analysis Security Testing)
SAST
Directly analyzes the source code without executing it.
Finds security flaws in logic, APIs, inputs, and error handling, before the app runs.
A SAST tool flags such a flaw as critical immediately. SAST is conducted as white-box testing during the early stages of development.
Tools Used: SonarQube, Checkmarx, Fortify, Veracode
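To make concrete what "analyzes the source code without executing it" means, here is an added example (not code from the original page or from any of the tools named above): a toy static analyser built on Python's `ast` module that walks a parsed source file and reports every `cursor.execute(...)` call whose first argument is a SQL string assembled at runtime by concatenation, `%` formatting, `.format()` or an f-string. The sample source it scans is constructed for illustration; nothing in it is ever run.

```python
"""Toy SAST check: find SQL queries built dynamically and handed to execute().

Added example, not from the original page. The SAMPLE_SOURCE below is
constructed: it contains two injectable queries and one parameterised one.
"""
import ast

SAMPLE_SOURCE = '''
def login_bad(cur, user, pw):
    cur.execute("SELECT id FROM users WHERE name='" + user + "' AND pw='" + pw + "'")

def login_fstring(cur, user, pw):
    cur.execute(f"SELECT id FROM users WHERE name='{user}'")

def login_good(cur, user, pw):
    cur.execute("SELECT id FROM users WHERE name=? AND pw=?", (user, pw))
'''


def _is_dynamic_string(node):
    """True if the expression builds a string at runtime from other values."""
    if isinstance(node, ast.JoinedStr):                        # f"...{x}..."
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True                                             # "a" + x  /  "..." % x
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True                                             # "...".format(x)
    return False                                                # plain constant, etc.


class SqlSinkFinder(ast.NodeVisitor):
    """Records (line, enclosing function) for each execute() fed a dynamic string."""

    def __init__(self):
        self.findings = []
        self._func = "<module>"

    def visit_FunctionDef(self, node):
        outer, self._func = self._func, node.name   # track the enclosing function
        self.generic_visit(node)
        self._func = outer

    def visit_Call(self, node):
        if (isinstance(node.func, ast.Attribute) and node.func.attr == "execute"
                and node.args and _is_dynamic_string(node.args[0])):
            self.findings.append((node.lineno, self._func))
        self.generic_visit(node)


def find_sql_injection_sinks(source):
    """Parse `source` (never executed) and return [(line, function), ...]."""
    finder = SqlSinkFinder()
    finder.visit(ast.parse(source))
    return finder.findings


if __name__ == "__main__":
    for line, func in find_sql_injection_sinks(SAMPLE_SOURCE):
        print(f"line {line} in {func}(): SQL built from untrusted input passed to execute()")
```

The parameterised query in `login_good` is not reported because its first argument is a plain string constant; the user-controlled values travel separately as bound parameters. A production SAST tool does the same kind of analysis across far more sinks and languages, and with data-flow tracking to reduce false positives, but the principle is the one shown here: reason about the code's structure, not its runtime behaviour.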
DAST
Tests the application while running by sending real-world attack patterns.
Finds runtime vulnerabilities like:
Broken authentication.
SQL Injection by actually sending SQL payloads into forms.
DAST sends an input like ' OR '1'='1 into a login form; a vulnerability is reported if the app responds incorrectly (e.g., allows the login).
DAST finds bugs while the app is running and is conducted during pen-testing and pre-release testing as black-box testing.
Tools Used: OWASP ZAP, Burp Suite, Acunetix
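The login-form probe described above, as an added example that is not part of the original page or of any of the tools it names: a tiny in-memory SQLite "application" with a vulnerable login (string concatenation) beside its hardened form (bound parameters), and a black-box probe that knows nothing about either implementation. The probe first confirms a wrong password is rejected, then submits the page's ' OR '1'='1 input and reports a finding only if that bogus input is accepted. The user record is constructed sample data.

```python
"""Toy DAST check: probe a running login function the way a scanner probes a form.

Added example, not from the original page. Both login functions and the
single constructed user row exist only to demonstrate the probe.
"""
import sqlite3

# The probe input quoted on the page. It is sent in both fields because with
# "name=... AND pw=..." the AND binds tighter than OR, so a payload in the
# username alone still fails on the password check.
PAYLOAD = "' OR '1'='1"


def make_db():
    """In-memory database with one constructed user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn, user, pw):
    """Input is spliced into the SQL text, so quotes in it change the query's logic."""
    sql = "SELECT name FROM users WHERE name='" + user + "' AND pw='" + pw + "'"
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, user, pw):
    """Input is bound as parameters: it is compared as data, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name=? AND pw=?"
    return conn.execute(sql, (user, pw)).fetchone() is not None


def dast_probe(login_fn):
    """Black-box probe: only the login_fn's observable yes/no behaviour is used.

    Returns a small report dict like a scanner would: the baseline shows the
    form normally rejects bad credentials, and the finding is raised only if
    the payload is accepted where a wrong password was refused.
    """
    conn = make_db()
    baseline_rejects = not login_fn(conn, "alice", "wrong-password")
    payload_accepted = login_fn(conn, PAYLOAD, PAYLOAD)
    return {
        "baseline_rejects_bad_password": baseline_rejects,
        "payload_bypasses_login": baseline_rejects and payload_accepted,
    }


if __name__ == "__main__":
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        print(name, dast_probe(fn))
```

The baseline step matters: a scanner that only checked whether the payload logs in would also flag a form that accepts anything, which is a different bug. Real DAST tools add many more payload variants, timing and error-message heuristics, and crawl the application to discover the forms in the first place, but the verdict is reached the same way, from the running application's responses rather than its source.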