Which testing method is known as white-box testing that analyzes source code for vulnerabilities?

Prepare for the Western Governors University ITCL3202 D320 Managing Cloud Security Exam. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

The testing method known as white-box testing that analyzes source code for vulnerabilities is SAST, which stands for Static Application Security Testing. This approach involves examining the application's source code, bytecode, or binary code to identify security flaws and vulnerabilities at an early stage of the development process. By doing so, developers can address potential issues before the code is even executed, making it an effective strategy for ensuring secure code practices.

SAST tools can provide detailed insight into the application's internal workings, allowing for a comprehensive review of control structures, data flow, and interactions with external components. This analysis is integral to building secure applications, as it focuses on identifying vulnerabilities that may not be detected during runtime, such as issues stemming from poor coding practices, misconfigurations, or inadequate input validation.

In contrast, other options like penetration testing and DAST (Dynamic Application Security Testing) analyze vulnerabilities in different ways. Penetration testing typically mimics a real attack to identify how effective security measures are against external threats, while DAST focuses on testing the running application from an external viewpoint without access to source code. Therefore, SAST uniquely provides a deep dive into the code itself, making it the appropriate answer for this query.
