If you were in charge of web application security and needed a vulnerability scanner and had the option between static code or dynamic code analysis, which one would you prefer? (Of course, I realize, having both is the best answer.) Also, the scanners are just as good as their rule engines go. But as far as I have seen, there are more dynamic scanners than static ones. Here is some info on the pros and cons of both: http://gcn.com/Articles/2009/02/09/Static-vs-dynamic-code-analysis.aspx?Page=1
- You need to provide a lot more details on your specific context of use and on what you've looked into and what you're trying to solve. Right now the question is either too vague or subjective/opinion-based. In both cases it's unanswerable. My take is: you need to use the right tool for the right job. Static and dynamic analysis are used for entirely different problems, and static analysers are harder because (I believe) static analysis has more complex theoretical grounds. – Steve Dodier-Lazaro Aug 21 '14 at 17:31
- Which would you rather, a dentist or a heart specialist? I can't afford to send you to both. – AviD Aug 21 '14 at 19:02
- This question, though, is not a duplicate. There's much more to static and dynamic analysis than just white and black box testing... Both in what they can do and why you would choose to use them. – Steve Dodier-Lazaro Aug 21 '14 at 22:48
- @AviD dentist... good analogy :) – tacos_tacos_tacos May 13 '16 at 21:54