Static analysis is the process of inspecting an application’s runtime behaviors for flaws and vulnerabilities, backdoors, and malicious code. The analysis is often performed with standalone tools in a non-runtime environment. This means that we look statically at how the written code was intended to behave, but we cannot see the outcomes of that behavior. [1]

To get a more holistic view of how the application actually behaves in the real world, dynamic analysis is usually performed. Dynamic analysis takes overall system performance into account and monitors behavior, response time, network connections, and system memory. [2]

Each method has its pros and cons. Static analysis may be more thorough and cost-effective, but minor coding flaws may be difficult to uncover with it, while dynamic analysis is only effective in testing the part of the code that is actually executed by the program. If code is not executed during a runtime simulation, there will be no results for that particular piece of code. [3]
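The coverage gap described above can be shown side by side. This is an added example, not code from the referenced source: the sample program, the `handle` function, the trigger string, and the list of risky calls are all constructed for illustration.

```python
import ast
import sys

# Constructed sample program: the risky call sits behind a rarely taken branch.
SAMPLE = '''\
def handle(request):
    if request == "debug-maintenance":
        return eval("1 + 1")
    return "ok"
'''

RISKY_CALLS = {"eval", "exec"}  # assumption: a minimal rule set for the demo

def static_findings(source):
    """Static view: walk the AST and report every risky call, executed or not."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in RISKY_CALLS):
            hits.append((node.lineno, node.func.id))
    return sorted(hits)

def executed_lines(source, request):
    """Dynamic view: run handle(request) and record which sample lines ran."""
    namespace = {}
    exec(compile(source, "<sample>", "exec"), namespace)
    seen = set()

    def tracer(frame, event, arg):
        if frame.f_code.co_filename != "<sample>":
            return None  # ignore frames outside the sample program
        if event == "line":
            seen.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        namespace["handle"](request)
    finally:
        sys.settrace(previous)
    return seen

def dynamic_findings(source, request):
    """Risky calls that one monitored run actually reached."""
    ran = executed_lines(source, request)
    return [hit for hit in static_findings(source) if hit[0] in ran]

if __name__ == "__main__":
    print("static :", static_findings(SAMPLE))
    print("dynamic:", dynamic_findings(SAMPLE, "hello"))
```

The static pass reports the `eval` on line 3 regardless of input, while the monitored run with an ordinary request never reaches that line and so reports nothing.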

References:

[1] https://for585.com/staticdynamic

[2] Ibid

[3] Ibid