Dynamic analysis finds vulnerabilities in a runtime environment. Automated tools analyze the input and output of an application for potential threats like SQL injection. Tools can also search for other application-specific issues and analyze server configuration errors. The purpose of dynamic analysis is to analyze the program as an attacker would, looking for entry points and vulnerable sections during program execution.
Assume there’s a team of developers writing a web application. They’re partway through the development cycle when they realize they’re having an issue with the data structures created by the program.
They decide to use a dynamic analysis tool, then instruct the tool to record the linkages among heap-allocated storage cells. Afterwards, they use this data to find an issue with the shape of the data structures, allowing them to move on with the development cycle.
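The scenario above, as an added example that is not part of the original page or taken from any particular tool: the code walks the live object graph of a running Python program with `gc.get_referents`, records the links between heap-allocated nodes, and reports nodes that break the intended shape. The `Node` class, the function names, the sample data, and the assumption that the structure is meant to be a tree (every node has at most one parent) are all hypothetical.

```python
import gc

CONTAINERS = (dict, list, tuple, set)

class Node:
    """Constructed sample type standing in for the application's data structure."""
    def __init__(self, name):
        self.name, self.children = name, []

def direct_links(obj, node_type):
    """Nodes that obj points to on the heap, following plain containers only."""
    found, seen, stack = [], set(), list(gc.get_referents(obj))
    while stack:
        ref = stack.pop()
        if id(ref) in seen:
            continue
        seen.add(id(ref))
        if isinstance(ref, node_type):
            found.append(ref)
        elif isinstance(ref, CONTAINERS):  # skip classes, modules, strings
            stack.extend(gc.get_referents(ref))
    return found

def record_links(root, node_type=Node):
    """Walk the live object graph from root and record node -> linked nodes."""
    edges, todo = {}, [root]
    while todo:
        node = todo.pop()
        if node not in edges:  # also keeps the walk finite if links form a cycle
            edges[node] = direct_links(node, node_type)
            todo.extend(edges[node])
    return edges

def shared_nodes(edges):
    """Names of nodes with more than one parent, which a tree must not have."""
    parents = {}
    for src, dsts in edges.items():
        for dst in dsts:
            parents.setdefault(dst, set()).add(src)
    return sorted(n.name for n, p in parents.items() if len(p) > 1)

def build_sample(with_bug):
    """Constructed input: a tree root -> (a -> c, b); the bug also links b -> c."""
    root, a, b, c = (Node(n) for n in ("root", "a", "b", "c"))
    root.children += [a, b]
    a.children.append(c)
    if with_bug:
        b.children.append(c)  # aliasing: c now has two parents
    return root
```

Calling `shared_nodes(record_links(build_sample(True)))` names the aliased node, which is the kind of shape defect that is hard to see in the source but shows up immediately in the recorded links.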
With so many modern devices supporting web integration, secure coding practices are more important than ever. Dynamic code analysis, for example, has become an important tool in demonstrating safety compliance of medical devices to the FDA. It provides efficient analysis of potential threats and, when combined with static analysis, gives a powerful overview of possible vulnerabilities.