Monday, September 23, 2019

SAST vs DAST

SAST (Static Application Security Testing) vs DAST (Dynamic Application Security Testing)


  • SAST is white-box security testing, while DAST is black-box security testing.
  • SAST analyzes source code or binaries; DAST does not require source code, and the test is carried out against the running application.
  • SAST finds vulnerabilities earlier in the SDLC (Software Development Life Cycle), while DAST finds them towards the end.
  • Vulnerabilities found with SAST are less expensive to fix because the application is not yet finished; vulnerabilities found with DAST are more expensive to fix because the application is almost complete.
  • The drawback of SAST is that it cannot discover runtime- and environment-related vulnerabilities, while DAST is able to find such issues.
  • SAST tools support all kinds of software, while DAST only scans applications such as web applications and web services.
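As an added example (not part of the original post), the following Python sketch contrasts the two approaches listed above: a static pattern check over constructed sample source, and a dynamic check against a constructed in-process WSGI app whose security header and debug output depend on deployment configuration that no source scan can see. The sample source, the `sql-string-concat` rule, the app and the `hsts`/`debug` config keys are all hypothetical and constructed for illustration.

```python
import re
from wsgiref.util import setup_testing_defaults

# Constructed sample source as a SAST tool reads it; it is never executed here.
APP_SOURCE = '''\
import sqlite3
def lookup(conn, user):
    return conn.execute("SELECT * FROM users WHERE name = '" + user + "'")
'''
# Hypothetical SAST rule: a quoted SQL string concatenated inside execute(...).
SAST_RULES = {"sql-string-concat": re.compile(r'''execute\([^)]*["'][^"']*["']\s*\+''')}

def sast_scan(source):
    """Static analysis: match rules against the source text, line by line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for rule, pattern in SAST_RULES.items():
            if pattern.search(line):
                findings.append((rule, lineno))
    return findings

def make_app(deploy_config):
    """Constructed WSGI app whose security header and debug output depend on
    deployment configuration that exists only at runtime, not in the source."""
    def app(environ, start_response):
        headers = [("Content-Type", "text/plain")]
        if deploy_config.get("hsts"):
            headers.append(("Strict-Transport-Security", "max-age=31536000"))
        body = b"ok"
        if deploy_config.get("debug"):
            body = b"debug: " + environ.get("QUERY_STRING", "").encode()
        start_response("200 OK", headers)
        return [body]
    return app

def dast_check(app):
    """Dynamic analysis: send one request to the running app and judge only
    the observable response, with no access to the source."""
    environ, response = {}, {}
    setup_testing_defaults(environ)
    def start_response(status, headers):
        response["status"], response["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    findings = []
    if "Strict-Transport-Security" not in response["headers"]:
        findings.append("missing-hsts")
    if body.startswith(b"debug:"):
        findings.append("debug-output-enabled")
    return findings
```

The static scan flags the concatenated query regardless of how the app is deployed, while the dynamic check reports the missing header and debug output only for the deployment that actually has them, which is exactly the class of issue the SAST rule cannot reach.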
