Below is a link to a recent professional blog post I made regarding the different classes of application security testing tools and what they do. This is meant as an intro for a person who is technical in nature, but not necessarily experienced with these kinds of tools. I gave a talk with similar subject matter at the 2017 ISC2 Security Congress and received a lot of follow-up inquiries so there appears to be some interest in this. I hope it is helpful and am providing merely as a service - I work for a non-profit we don't get paid for web traffic 🙂
I will be having a presentation at 2018 ISC2 Security Congress that is an extension of this topic.