Static application security testing (SAST):
Is a type of security testing that relies on inspecting the source code of an application. In general, SAST involves looking at the ways the code is designed to pinpoint possible security flaws.
Dynamic application security testing (DAST):
Is a process of testing an application or software product in an operating state. This kind of testing is helpful for industry-standard compliance and general security protections for evolving projects.
Tech companies offer both DAST and SAST services. Typically, these cover different types of ground in comprehensive testing processes — for example, DAST may only cover certain parts of the interface or design. Using DAST and SAST in combination can help catch different types of security problems before a product is released or develops a growing user base.