• Static AST (SAST) analyses the source code for vulnerabilities. This is typically done during the application's development and testing phase.
• Dynamic AST (DAST) analyses the application during its operational state or as part of the testing process. DAST can simulate attacks against web-enabled applications, services and APIs, analysing the application’s reactions to determine whether it is vulnerable.
• Interactive AST (IAST) identifies and manages security risks discovered in running web applications. IAST uses dynamic testing (often referred to as runtime testing) techniques, which monitor an application as it runs and gather information about what it does and how it performs. This allows Secure Development Operation (SecDevOps) teams to monitor applications in real time as they run, giving up-to-date security information.
• Software Composition Analysis (SCA) is used for open-source and third-party components in an application; it looks at known security vulnerabilities and license restrictions. This gives SecDevOps teams a handle on what they are plugging into their application and its limitations.