An overview of static and dynamic analysis in application security testing

  • Nguyen Thanh Cong, Le Quy Don Technical University
  • Le Huy Toan, Department of Digital Transformation and Environment Resources Data Information – Ministry of Natural Resources and Environment
  • Ta Minh Thanh, Le Quy Don Technical University
Keywords: Information security; Static analysis; Dynamic analysis; Security vulnerabilities; Software testing.

Abstract

In the context of increasingly complex information systems facing numerous cybersecurity threats, the evaluation of information security has become crucial. This paper focuses on two common methods of information security assessment: static analysis and dynamic analysis. Static analysis examines source code or binary code to detect security vulnerabilities during the software development phase. Dynamic analysis tests system security during operation, helping to identify vulnerabilities at runtime. The paper provides an overview of the techniques and tools for both methods, while comparing their advantages and disadvantages. Static analysis helps detect errors early but may miss runtime errors, while dynamic analysis performs real-world testing but can disrupt system operations. The combination of both methods yields the best results in ensuring information security.

Published: 2024-11-25
Section: Overview