Dynamic Code Analysis is a method used to analyze an application during its execution. This Dynamic Code Analysis process is often broken up into these steps:
- Preparing input data;
- Running the program;
- Gathering the necessary parameters;
- Analyzing the output data.
It is important to note that dynamic code analysis can only be done if source code is successfully compiled into an executable file. You cannot use these tools to analyze code containing compilation and/or build errors.
Dynamic Code Analysis will show you four things:
- Resource Consumption – The time of program execution on the whole or its modules individually, the number of external queries (for example, to the database), the amount of memory being used, and other resources;
- Cyclomatic complexity – the degree of code coverage with tests, and other program metrics;
- Program errors – division by zero, null pointer dereferencing, and memory leaks are examples of what can be found;
- Vulnerabilities in the program.
Dynamic analysis can be performed on programs written in various programming languages: C, C++, Java, C#, PHP, Python, Erlang, and many others.