Which testing is referred to as white-box testing used for determining coding errors?

Prepare for the Western Governors University ITCL3202 D320 Managing Cloud Security Exam. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

White-box testing is a method where the tester has an in-depth understanding of the internal workings of the application or system, including its code structure, algorithms, and logic. Static Application Security Testing (SAST) is characterized by its ability to analyze the source code or binaries for security vulnerabilities without executing the program. This testing approach allows for finding vulnerabilities during the development phase, before the software is even run, which enables developers to address coding errors early on.

SAST tools often provide detailed insights into the source code, helping identify potential vulnerabilities such as buffer overflows, SQL injection points, and other security flaws that could be exploited. This proactive approach is essential for improving the overall security posture of the application before it reaches the production environment.

In contrast, other testing methods like dynamic application security testing (DAST) and penetration testing operate from an external perspective, without access to the source code. Runtime application self-protection (RASP) provides real-time protection during application execution but does not focus on identifying coding vulnerabilities prior to runtime as SAST does. Therefore, SAST is the specific technique that aligns with white-box testing designed to uncover coding errors and improve the security of the application’s internal structures.
