Static Application Security Testing (SAST)

Static Application Security Testing (SAST) tests a web application from the inside: it is an internal review of the application, and it can be carried out when the auditor or tool has full access to the source code.

A SAST solution usually needs to be integrated into the Systems Development Life-cycle (SDLC) so that vulnerabilities are detected before the application is deployed to the live environment; this integration requirement can make it difficult to implement. SAST is very useful for business-critical applications that are planned over a long period of time.
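As an added illustration of what a SAST tool does with source access (example code written for this page, not a product or method the text describes), the following toy pass parses a constructed Python request handler and reports calls to dangerous sinks whose arguments derive from request input; the source, sink and sanitiser lists, and the sample handler, are assumptions.

```python
import ast
# Constructed toy SAST pass: intra-procedural taint tracking over a Python AST.
SOURCES = {"request.args", "request.form", "request.cookies"}  # attacker-controlled input
SINKS = {"os.system", "subprocess.call", "eval", "cursor.execute"}
SANITIZERS = {"shlex.quote", "int"}  # calls assumed to neutralise a value

def _dotted(node):
    """'a.b.c' for a Name/Attribute chain, else None."""
    if isinstance(node, ast.Name):
        return node.id
    base = _dotted(node.value) if isinstance(node, ast.Attribute) else None
    return f"{base}.{node.attr}" if base else None

def _tainted(expr, tainted):
    """True if any sub-expression reads a request source or a tainted variable."""
    for n in ast.walk(expr):
        if isinstance(n, ast.Name) and n.id in tainted:
            return True
        if isinstance(n, ast.Attribute) and _dotted(n) in SOURCES:
            return True
    return False

def find_tainted_sinks(source):
    """Return [(line, sink)] for sink calls whose arguments derive from request input."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = set()  # fresh per function; statements are processed in source order
        nodes = [n for n in ast.walk(func) if isinstance(n, (ast.Assign, ast.Call))]
        for n in sorted(nodes, key=lambda n: (n.lineno, n.col_offset)):
            if isinstance(n, ast.Assign):
                names = {t.id for t in n.targets if isinstance(t, ast.Name)}
                clean = isinstance(n.value, ast.Call) and _dotted(n.value.func) in SANITIZERS
                if not clean and _tainted(n.value, tainted):
                    tainted |= names
                else:
                    tainted -= names  # overwriting with clean data clears the taint
            elif _dotted(n.func) in SINKS:
                if any(_tainted(a, tainted) for a in [*n.args, *(k.value for k in n.keywords)]):
                    findings.append((n.lineno, _dotted(n.func)))
    return findings

SAMPLE = '''import os, shlex, subprocess
def ping(request):
    host = request.args.get("host")
    os.system("ping -c 1 " + host)              # tainted: reported
    safe = shlex.quote(host)
    subprocess.call(["ping", "-c", "1", safe])  # sanitised: not reported
'''
```

The pass is deliberately flow-insensitive and single-function, which is why real SAST products need the SDLC integration described above: they run whole-program analysis on every change rather than on one handler at a time.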

Dynamic Application Security Testing (DAST)

Dynamic Application Security Testing (DAST) tests the application from the "outside", while it is running in a test or production environment. A black-box penetration test, or an automated or managed vulnerability scan, can be classified as DAST.

The advantages of DAST are the speed with which tests can be carried out, the high level of flexibility and scalability it offers, and the ease with which it can be integrated into a corporate security strategy.