Brief review of types of software testing.

DAST: Dynamic Application Security Testing: Runtime testing of live code in a controlled environment. Best used later in development, as the code/application must execute to be tested.

Example service providers: Invicti DAST Vulnerability Scanner

SAST: Static Application Security Testing: Pre-execution testing for syntax, library links, and logical flaws. Best used throughout all of development. Often included in many IDEs.

Example service providers: GitLab, SonarQube
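As an added illustration of the SAST and DAST entries above (this is example code written for this review, not code from the original post or from any vendor named here), the same constructed defect, a login helper that writes the password into its log, is checked both ways: a static AST scan that never runs the code, and a runtime probe that must execute it. The sample source, the sensitive-name list and the probe marker are all constructed for this example.

```python
import ast
import io
import logging

# Constructed sample: a login helper that writes the password into the log.
SAMPLE_SOURCE = '''
import logging
def login(username, password):
    logging.info("login attempt user=%s password=%s", username, password)
    return username == "alice" and password == "s3cret"
'''
# Constructed sample: the corrected helper, which logs only the username.
FIXED_SOURCE = SAMPLE_SOURCE.replace(
    'user=%s password=%s", username, password', 'user=%s", username')

SENSITIVE = {"password", "passwd", "secret", "token"}

def sast_scan(source: str) -> list[int]:
    """SAST-style check: parse the source into an AST without running it and
    report the line of each logging.* call that receives a sensitive-looking variable."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "logging"):
            continue
        if any(isinstance(a, ast.Name) and a.id.lower() in SENSITIVE for a in node.args):
            findings.append(node.lineno)
    return findings

def dast_probe(source: str, marker: str = "PROBE-SECRET-123") -> bool:
    """DAST-style check: execute the code, call it with a recognisable probe
    value, and inspect its observable output (the log) for that value."""
    namespace = {}
    exec(source, namespace)           # the code must run to be tested this way
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    root = logging.getLogger()
    old_level = root.level
    root.addHandler(handler)
    root.setLevel(logging.INFO)
    try:
        namespace["login"]("alice", marker)
    finally:
        root.removeHandler(handler)
        root.setLevel(old_level)
    return marker in buf.getvalue()   # True means the secret leaked
```

The static scan flags the call by line number before anything runs, while the dynamic probe only knows about the leak because it observed the running code's output; the corrected source passes both checks.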

IAST: Interactive Application Security Testing: Instrumented testing of the application's OS interactions, integrated with the IDE. Best used throughout all of development.

Example service providers: Acunetix (by Invicti)

RASP: Runtime Application Self-Protection: Post-deployment monitoring for abnormal running conditions that could indicate an attack. Best used in production environments, alongside testing, to prevent undesirable behaviors.

Example service providers: Contrast Security

Please note: I am not sponsored by these organizations, nor have I personally tested them. This information was gathered from surface research into available tools related to security testing, as I am not a security expert. Other knowledge was gleaned from the CSSLP Exam Guide, 3rd Edition.
