Which testing method would likely be chosen for identifying security flaws in source code during the development phase, especially on a budget?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

SAST, or Static Application Security Testing, is the most appropriate choice for identifying security flaws in source code during the development phase, particularly for organizations that are budget-conscious. This method involves analyzing the source code, bytecode, or binary code for vulnerabilities without executing the program.

One of the key advantages of SAST is that it can be integrated early in the development lifecycle, allowing developers to identify and remediate issues before the code is even run. This early detection can be more cost-effective, as fixing flaws in the later stages of development or after deployment can be significantly more expensive and time-consuming.

Additionally, SAST tools can analyze the entire codebase, find vulnerabilities that could lead to security risks, and provide detailed reports that help developers understand the nature of these flaws. This paves the way for a more secure development process, aligning with best practices in secure software development.

In contrast, other testing methods such as IAST and DAST are typically employed later in the lifecycle. IAST requires the application to be running for it to detect vulnerabilities as it monitors the application from the inside during runtime, which may not align with the early development phase focus. DAST operates by testing the application in its fully executed state, often requiring a deployed
