Static Application Security Testing (SAST) focuses on the code itself. It runs at the beginning of the CI pipeline, scanning source code, bytecode, or binaries for problematic coding patterns that violate industry standards. SAST is dependent on the programming language.
Dynamic Application Security Testing (DAST) is a black-box testing technique that examines applications while they are running. It is used later in the CI pipeline. DAST is an effective strategy for avoiding regressions and is independent of the programming language used.
Interactive Application Security Testing (IAST) is comparable to DAST in that it concentrates on application behaviour at runtime. However, IAST analysis is based on a mix of internal application flow analysis, scanning, and black-box testing. IAST has the advantage of tying DAST-like findings back to source code, as SAST does. The drawback of this method is that IAST is dependent on the programming language and can only be executed later in the CI pipeline.
Software Composition Analysis (SCA) focuses on the application's utilisation of external code dependencies. Applications that make extensive use of open-source libraries benefit greatly from software composition analysis. This technique also depends on the programming language.
Read More @ https://cmiblogdailydose.blogspot.com/2023/02/dynamic-application-security-testing.html