Dynamic Code Analysis is a method used to analyze an application during its execution. The process is often broken up into these steps:
- Preparing input data;
- Running the program;
- Gathering the necessary parameters;
- Analyzing the output data.
It is important to note that dynamic code analysis can only be done if source code is successfully compiled into an executable file. You cannot use these tools to analyze code containing compilation and/or build errors.
Dynamic Code Analysis will show you four things:
- Resource consumption – the execution time of the program as a whole or of its individual modules, the number of external queries (for example, to the database), the amount of memory being used, and other resources;
- Program metrics – cyclomatic complexity, the degree of code coverage with tests, and other program metrics;
- Program errors – division by zero, null pointer dereferencing, and memory leaks are examples of what can be found;
- Vulnerabilities in the program.
Dynamic analysis can be performed on programs written in various programming languages: C, C++, Java, C#, PHP, Python, Erlang, and many others.
Additional Reading: Dynamic Code Analysis Software Market 2020 In-Depth Analysis and Future Forecast 2020-2026
Related Terms: Static Code Analysis, Vulnerability
Should an SMB Do Dynamic Code Analysis?
Dynamic Code Analysis is capable of exposing subtle flaws or vulnerabilities too complicated for static code analysis alone to reveal. A dynamic test will only find defects in code that is actually executed. Businesses must weigh these considerations against the complexities of their own situation. Application type, time, and company resources are some of the primary concerns. Dynamic code analysis is a great example of putting some small checks in place to identify and fix issues before they go into production and become much more difficult and costly to fix. An ounce of dynamic code analysis prevention is worth a pound of cure later on.
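The four steps listed above, and the limit that a dynamic test only sees code that actually runs, shown as an added example (not code from the original page). The target `scale` and the harness `analyze` are hypothetical names constructed for illustration, using only the Python standard library:

```python
import dis
import sys
import time
import tracemalloc


def scale(text):
    """Constructed target: parses 'value' or 'value/divisor' and returns a float."""
    parts = text.split("/")
    value = int(parts[0])
    if len(parts) == 2:
        divisor = int(parts[1])
        return value / divisor  # defect: a zero divisor is never rejected
    return float(value)


def analyze(func, inputs):
    """Run func on every input; record time, peak memory, line coverage, errors."""
    code = func.__code__
    executed, errors = set(), []

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None  # do not trace other functions
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer

    tracemalloc.start()
    started = time.perf_counter()
    sys.settrace(tracer)
    try:
        for value in inputs:  # step 2: run the program on the prepared input
            try:
                func(value)
            except Exception as exc:  # step 3: gather what went wrong
                errors.append((value, type(exc).__name__))
    finally:
        sys.settrace(None)
    seconds = time.perf_counter() - started
    peak_bytes = tracemalloc.get_traced_memory()[1]
    tracemalloc.stop()
    # Lines that hold bytecode, minus the "def" line, are the coverable lines.
    lines = {ln for _, ln in dis.findlinestarts(code) if ln} - {code.co_firstlineno}
    missed = sorted(lines - executed)
    return {"seconds": seconds, "peak_bytes": peak_bytes, "errors": errors,
            "coverage": 1 - len(missed) / len(lines), "missed_lines": missed}


if __name__ == "__main__":
    for batch in (["10", "7"], ["10", "8/2"], ["10", "8/0"]):  # step 1: inputs
        print(batch, analyze(scale, batch))  # step 4: analyze the output
```

The first batch never enters the division branch, so the run reports no errors and two missed lines; the second executes the defective line without triggering it; only the third input set surfaces the division by zero.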