Binary Code Analysis

- The scope of a binary analysis is the whole application, which includes the SDKs, frameworks, and libraries.
- It can be used only after the code is compiled to binary/bytecode.
- Fewer false positives and negatives are detected, since the compiler removes dead/unused code from the binary/bytecode. The compiler itself optimizes the binary, which helps in discovering the security issues more accurately.
- Binary analysis can easily be used along with Dynamic Application Security Testing (DAST) to detect runtime issues, memory and logical bugs.
- Binary analysis is language agnostic. As long as the binary can run, it will accurately figure out all security issues.
- Binary analysis is faster, convenient and accurate.

Source Code Analysis

- It is limited to the visible source packages and thus may miss some vulnerabilities that end up in the compiled code.
- It can be used early during the coding stages and can also identify non-security or code quality issues such as duplicate code or unused code.
- A lot of false positives are detected because of dead/unused code.
- Security issues that occur during runtime, such as sensitive file creation, sensitive data in memory, and logical bugs that only appear at runtime, are not detected.
- It is a software language-specific analysis that might lose context if different languages are used in the same application.
- Source code analysis requires the source code to be shared, which is slower. Dependency on different languages makes it inconvenient.
- Without visibility into SDKs and libraries, the results contain both false positives and false negatives.