Vulnerability assessment: Vulnerability scanning serves to interrogate a specific information system or an entire network to discover weaknesses in its security posture.
Web application vulnerability assessment: A specific type of vulnerability assessment that targets web-based applications rather than servers and networks. This type of assessment attempts to find weaknesses in application code and logic.
Static code analysis: Static code analysis inspects the source code of an application and attempts to determine whether flaws exist that could be exploited by an attacker.
Penetration testing: Penetration testing takes the results of vulnerability assessments and validates that an identified weakness is an exploitable vulnerability.