Vulnerabilities of potential release candidates can be detected before actually shipping the software.
Since attacks are performed on the running application, there is no dependency on any programming language.
Dynamic testing can uncover a bigger set of vulnerabilities.
Injecting malicious content into a running application may corrupt the runtime environment.
Dynamic testing cannot explore all logical flows.
There is a predefined set of attacks which a particular tool can enjoy without much scope of any changes