Which of the following is considered a "white box" test?

Prepare for the WGU C838 Managing Cloud Security Exam. Study effectively with flashcards and multiple-choice questions, complete with hints and explanations. Ensure your success with this comprehensive preparation guide.

A "white box" test refers to a testing methodology where the tester has complete knowledge of the system, including its source code and architecture. This level of access enables comprehensive examination and analysis of the internal workings of the application. In the context of the question, static application security testing (SAST) fits this definition as it analyzes source code, bytecode, or binary code to identify security vulnerabilities without executing the program.

SAST allows security analysts to locate potential vulnerabilities early in the development process, making it beneficial for integrating security into the software development lifecycle. Since SAST tests the code in depth and assesses the structure, logic, and data flow, it epitomizes the "white box" approach. This contrasts with other methods such as dynamic application security testing (DAST), which does not require access to the source code and evaluates how the application behaves during execution. Similarly, port scanning and penetration testing are typically associated with "black box" or "gray box" approaches, where not all internal information is available to the tester.
