Dynamic Analysis

Dynamic analysis, also known as dynamic program analysis, is the evaluation of a program or technology using real-time data. This method of analysis can be done on a virtual processor or on a real processor. Instead of taking code offline, vulnerabilities and program behavior can be monitored while the program is running, providing visibility into its real-world behavior. 

Static Vs Dynamic Analysis 

Static code analysis is done by examining the code without the need to execute the program. The process provides an understanding of the code structure and can help ensure that the code adheres to industry standards. All code is scanned to check for any vulnerabilities and ensure the code is validated.  

Dynamic analysis adopts the opposite approach and is executed while a program is in operation. Dynamic analysis performs continuous and concurrent risk assessments, searching for vulnerabilities within web applications and speeding interventions. 

Additional Resources

• Static Analysis (SAST) and the Truth About False Positives
• Software Composition Analysis: Identify Risk in Open Source Components
• Find Web App Vulnerabilities for Free with WhiteHat Sentinel Dynamic!