90% of security incidents result from attackers exploiting known software bugs. Eliminating bugs during the development phase of software could reduce the information security risks facing many organizations. The following techniques are most commonly used for security testing of applications.
SAST checks whether the code conforms to coding guidelines and standards. SAST does not find runtime errors. SAST can be easily automated and integrated into a project's workflow.
DAST is also known as black-box testing. It is used for finding vulnerabilities in web applications. DAST also allows you to identify authentication flaws and configuration issues. DAST does not flag coding errors.
Often SAST and DAST are used in tandem to improve performance.
SAST and DAST are older technologies, and they cannot handle modern web and mobile applications that make extensive use of AJAX and other interactive technologies.
RASP works inside the application and is more of a security tool. It is plugged into the application and controls application execution. RASP lets the application run continuous security checks on itself and respond to live attacks by terminating the attacker's session and alerting the defender to the attack.
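The in-application behaviour described above, sketched as an added example (not from the original page or from any RASP product): a guard wrapped around a handler checks each live call, ends the offending session and records an alert. The session store, alert list, document root and all function names are assumptions made for the illustration.

```python
import posixpath

SESSIONS = {"s-alice": "alice", "s-mallory": "mallory"}  # constructed sample sessions
ALERTS = []                                              # stand-in for a defender's alert queue
DOC_ROOT = "/srv/app/docs"                               # assumed document root


class Blocked(Exception):
    """Raised when the in-app guard stops a request."""


def rasp_guard(check):
    """Wrap a handler so `check` runs inside the app, on every live call."""
    def decorate(handler):
        def wrapped(session_id, arg):
            if session_id not in SESSIONS:
                raise Blocked("no active session")
            reason = check(arg)
            if reason:
                user = SESSIONS.pop(session_id)          # terminate the session
                ALERTS.append({"user": user, "handler": handler.__name__,
                               "reason": reason, "input": arg})  # alert the defender
                raise Blocked(reason)
            return handler(session_id, arg)
        return wrapped
    return decorate


def escapes_doc_root(name):
    """Return a reason string if the resolved path leaves DOC_ROOT, else None."""
    resolved = posixpath.normpath(posixpath.join(DOC_ROOT, name))
    if not resolved.startswith(DOC_ROOT + "/"):
        return "path resolves outside document root"
    return None


@rasp_guard(escapes_doc_root)
def read_document(session_id, name):
    # Real code would open the file; the example returns the resolved path.
    return posixpath.normpath(posixpath.join(DOC_ROOT, name))


def try_request(session_id, name):
    """Run one request and report (outcome, detail) instead of raising."""
    try:
        return ("ok", read_document(session_id, name))
    except Blocked as exc:
        return ("blocked", str(exc))
```

The check runs on the value the handler is about to use, at the point of use, which is what distinguishes this from scanning source code (SAST) or probing the application from outside (DAST).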