Static application security testing (SAST) is a set of technologies designed to analyze application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. SAST solutions analyze an application from the "inside out" in a nonrunning state.

SAST uses a Static Code Analysis tool, Code Analyzer looks at the source code to check for coding and design flaws that could allow for malicious code injection. Some examples of these malicious attacks, according to OWASP, include SQL Injections, Command Injections, and Server-Side Injections, among others

Dynamic Application Security Testing (DAST) is the process of analyzing a web application through the front-end to find vulnerabilities through simulated attacks. This type of approach evaluates the application from the "outside in" by attacking an application like a malicious user would. After a DAST scanner performs these attacks, it looks for results that are not part of the expected result set and identifies security vulnerabilities.

A DAST scanner searches for vulnerabilities in a running application and then sends automated alerts if it finds flaws that allow for attacks like SQL injections, Cross- Site Scripting (XSS), and more. Since DAST tools are equipped to function in a dynamic environment.