Final answer:
Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) are two techniques used for software assurance. SAST involves analyzing the source code or binaries, while DAST involves testing the running application.
Step-by-step explanation:
Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) are two important techniques used for software assurance. SAST analyzes the source code or binaries of an application, without executing it, to identify potential security vulnerabilities. This is done through techniques like code review, data flow analysis, and pattern matching. DAST, on the other hand, tests the application in a running state, sending various types of inputs and analyzing the application's responses to identify vulnerabilities.
For SAST, tools like Checkmarx, Fortify, and SonarQube can be used. These tools analyze the source code or binaries of the application and report potential security vulnerabilities. They can scan for issues like missing input validation, broken access control, and insecure coding practices.
For DAST, tools like OWASP ZAP, Burp Suite, and Acunetix can be used. These tools simulate real-world attacks on the running application and look for vulnerabilities like cross-site scripting, SQL injection, and insecure session management.
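As an added illustration (not part of the original answer or of any tool named above), the following minimal SAST-style taint analysis walks a constructed Python snippet and reports where attacker-controlled input reaches a SQL sink through string concatenation or an f-string; the parameterised variant is not flagged. The source and sink names are assumptions chosen for the sample, and unlike DAST nothing is executed.

```python
import ast

# Constructed sample (hypothetical handlers written for this example):
# lookup() builds SQL from user input, lookup_safe() uses a parameter.
SAMPLE = '''
def lookup(request, cursor):
    user = request.args.get("user")
    query = "SELECT * FROM users WHERE name = '" + user + "'"
    cursor.execute(query)

def lookup_safe(request, cursor):
    user = request.args.get("user")
    cursor.execute("SELECT * FROM users WHERE name = %s", (user,))
'''

SOURCES = {("request", "args", "get")}   # assumed attacker-controlled input
SINKS = {("cursor", "execute")}          # assumed SQL execution sink


def _dotted(node):
    """Return ('a', 'b', 'c') for an expression a.b.c, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return tuple(reversed(parts))
    return None


def _tainted(node, tainted):
    """Taint propagates through names, concatenation, f-strings, source calls."""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.Call):
        return _dotted(node.func) in SOURCES
    if isinstance(node, (ast.BinOp, ast.JoinedStr, ast.FormattedValue)):
        return any(_tainted(c, tainted) for c in ast.iter_child_nodes(node))
    return False


def find_sqli(source):
    """Return line numbers where tainted data reaches a SQL sink."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = set()
        for stmt in func.body:  # intra-procedural, straight-line flow only
            if isinstance(stmt, ast.Assign) and _tainted(stmt.value, tainted):
                tainted.update(t.id for t in stmt.targets if isinstance(t, ast.Name))
            call = stmt.value if isinstance(stmt, ast.Expr) else None
            if isinstance(call, ast.Call) and _dotted(call.func) in SINKS:
                if call.args and _tainted(call.args[0], tainted):
                    findings.append(call.lineno)
    return findings
```

Running `find_sqli(SAMPLE)` reports only the concatenated query in `lookup()`; a real SAST engine adds inter-procedural and branch-sensitive flow, which is where most of its false positives and negatives come from.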