Dynamic Application Security Testing (DAST) tests an application in its running state for security vulnerabilities, such as Cross-site Scripting (XSS), that could subject the enterprise to attack.
Static Application Security Testing (SAST) analyses the code to identify vulnerabilities before launch, resulting in more secure and reliable applications. Gartner argues that the target should be a combination of both:
Next-generation modern web and mobile applications require a combination of SAST and DAST techniques. Interactive application security testing approaches have emerged that combine static and dynamic techniques to improve testing.