Which method is commonly used to assess the security of applications before they go live?

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Static analysis is the correct method to assess the security of applications before they go live. This technique involves analyzing the source code and binaries of the application without executing it. By using static analysis, security vulnerabilities such as coding errors, incorrect configurations, and insecure libraries can be identified during the development phase. This proactive approach allows developers to address potential security flaws early in the software development lifecycle, reducing the risk of exploitation once the application is deployed.

The other methods listed are employed in different contexts. Network scanning is primarily used to identify vulnerabilities in networks and devices rather than in application code. Social engineering focuses on manipulating individuals to gain confidential information and is more about human factors than application security. Traffic analysis involves monitoring and analyzing data packets transmitted over a network, which is typically done after an application is live to assess its security posture in a real-world environment. Thus, static analysis stands out as the method specifically targeted at pre-deployment security assessment.
